From 1ce8284cbe1324c24458732faf6380c6d77f3197 Mon Sep 17 00:00:00 2001
From: MostInterestingBotInTheWorld
 <98333686+MostInterestingBotInTheWorld@users.noreply.github.com>
Date: Tue, 8 Mar 2022 10:51:53 -0500
Subject: [PATCH] Enhancement: cves/2022/CVE-2022-24112.yaml by mp

---
 cves/2022/CVE-2022-24112.yaml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/cves/2022/CVE-2022-24112.yaml b/cves/2022/CVE-2022-24112.yaml
index 7922f87e59..eb82122e33 100644
--- a/cves/2022/CVE-2022-24112.yaml
+++ b/cves/2022/CVE-2022-24112.yaml
@@ -1,8 +1,9 @@
 id: CVE-2022-24112
 
 info:
-  name: Apache APISIX apisix/batch-requests RCE
-  description: Apache APISIX apisix/batch-requests plugin allows overwriting the X-REAL-IP header to RCE;An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed.
+  name: Apache APISIX apisix/batch-requests Remote Code Execution
+  description: "A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. An Apache APISIX apisix/batch-requests plugin allows overwriting the X-REAL-IP header to RCE. An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed."
+  remediation: "Upgrade to 2.10.4 or 2.12.1. Or, explicitly configure the enabled plugins in `conf/config.yaml` and ensure `batch-requests` is disabled. (Or just comment out `batch-requests` in `conf/config-default.yaml`)."
   author: Mr-xn
   severity: critical
   reference:
@@ -75,3 +76,5 @@ requests:
         group: 1
         regex:
           - 'GET \/([a-z-]+) HTTP'
+
+# Enhanced by mp on 2022/03/08