5.9 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): NONE
Gateway: apicast basic auth bypass via malformed base64 headerssending non-base64 'basic' auth with special characters causes apicast to incorrectly authenticate a request
A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue can occur due to a failure in the base64 decoding process, which causes APICast to skip the rest of the authentication checks and proceed with routing the request upstream.
References
- https://access.redhat.com/security/cve/CVE-2024-10295 x_refsource_REDHAT vdb-entry
- RHBZ#2321258 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-10295 x_refsource_REDHAT vdb-entry
- RHBZ#2321258 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-10295 x_refsource_REDHAT vdb-entry
- RHBZ#2321258 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-10295 x_refsource_REDHAT vdb-entry
- RHBZ#2321258 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-10295 x_refsource_REDHAT vdb-entry
- RHBZ#2321258 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-10295 x_refsource_REDHAT vdb-entry
- RHBZ#2321258 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-10295 x_refsource_REDHAT vdb-entry
- RHBZ#2321258 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-10295 x_refsource_REDHAT vdb-entry
- RHBZ#2321258 issue-tracking x_refsource_REDHAT
Affected products
- =<2.14.2
Matching in nixpkgs
pkgs.grpc-gateway
GRPC to JSON proxy generator plugin for Google Protocol Buffers
-
nixos-unstable -
- nixpkgs-unstable 2.27.2
pkgs.janus-gateway
General purpose WebRTC server
-
nixos-unstable -
- nixpkgs-unstable 1.3.2
pkgs.ingress2gateway
Convert Ingress resources to Gateway API resources
-
nixos-unstable -
- nixpkgs-unstable 0.4.0
pkgs.firezone-gateway
WireGuard tunnel server for the Firezone zero-trust access platform
-
nixos-unstable -
- nixpkgs-unstable 1.4.15
pkgs.jetbrains.gateway
Remote development for JetBrains products
-
nixos-unstable -
- nixpkgs-unstable 2025.2.1
pkgs.prometheus-pushgateway
Allows ephemeral and batch jobs to expose metrics to Prometheus
-
nixos-unstable -
- nixpkgs-unstable 1.11.1
pkgs.chirpstack-gateway-bridge
Gateway Bridge abstracts Packet Forwarder protocols into Protobuf or JSON over MQTT
-
nixos-unstable -
- nixpkgs-unstable 4.0.11
pkgs.python312Packages.dask-gateway
Client library for interacting with a dask-gateway server
-
nixos-unstable -
- nixpkgs-unstable 2023.1.1
pkgs.python313Packages.dask-gateway
Client library for interacting with a dask-gateway server
-
nixos-unstable -
- nixpkgs-unstable 2023.1.1
pkgs.azure-cli-extensions.arcgateway
Microsoft Azure Command-Line Tools Arcgateway Extension
-
nixos-unstable -
- nixpkgs-unstable 1.0.0b1
pkgs.python312Packages.aioruuvigateway
Asyncio-native library for requesting data from a Ruuvi Gateway
-
nixos-unstable -
- nixpkgs-unstable 0.1.0
pkgs.python312Packages.pyxiaomigateway
Python library to communicate with the Xiaomi Gateway
-
nixos-unstable -
- nixpkgs-unstable 0.14.3
pkgs.python312Packages.quantum-gateway
Python library for interacting with Verizon Fios Quantum gateway devices
-
nixos-unstable -
- nixpkgs-unstable 0.0.8
pkgs.python313Packages.aioruuvigateway
Asyncio-native library for requesting data from a Ruuvi Gateway
-
nixos-unstable -
- nixpkgs-unstable 0.1.0
pkgs.python313Packages.pyxiaomigateway
Python library to communicate with the Xiaomi Gateway
-
nixos-unstable -
- nixpkgs-unstable 0.14.3
pkgs.python313Packages.quantum-gateway
Python library for interacting with Verizon Fios Quantum gateway devices
-
nixos-unstable -
- nixpkgs-unstable 0.0.8
pkgs.haskellPackages.amazonka-apigateway
Amazon API Gateway SDK
-
nixos-unstable -
- nixpkgs-unstable 2.0
pkgs.haskellPackages.amazonka-apigatewayv2
Amazon ApiGatewayV2 SDK
-
nixos-unstable -
- nixpkgs-unstable apigatewayv2-2.0
pkgs.python312Packages.dask-gateway-server
Multi-tenant server for securely deploying and managing multiple Dask clusters
-
nixos-unstable -
- nixpkgs-unstable 2023.9.0
pkgs.python313Packages.dask-gateway-server
Multi-tenant server for securely deploying and managing multiple Dask clusters
-
nixos-unstable -
- nixpkgs-unstable 2023.9.0
pkgs.haskellPackages.amazonka-backup-gateway
Amazon Backup Gateway SDK
-
nixos-unstable -
- nixpkgs-unstable 2.0
pkgs.haskellPackages.amazonka-storagegateway
Amazon Storage Gateway SDK
-
nixos-unstable -
- nixpkgs-unstable 2.0
pkgs.python312Packages.mypy-boto3-apigateway
Type annotations for boto3 apigateway
-
nixos-unstable -
- nixpkgs-unstable boto3-apigateway-1.40.0
pkgs.python313Packages.mypy-boto3-apigateway
Type annotations for boto3 apigateway
-
nixos-unstable -
- nixpkgs-unstable boto3-apigateway-1.40.0
pkgs.python312Packages.mypy-boto3-apigatewayv2
Type annotations for boto3 apigatewayv2
-
nixos-unstable -
- nixpkgs-unstable boto3-apigatewayv2-1.40.0
pkgs.python313Packages.mypy-boto3-apigatewayv2
Type annotations for boto3 apigatewayv2
-
nixos-unstable -
- nixpkgs-unstable boto3-apigatewayv2-1.40.0
pkgs.python312Packages.mypy-boto3-backup-gateway
Type annotations for boto3 backup-gateway
-
nixos-unstable -
- nixpkgs-unstable boto3-backup-gateway-1.40.15
pkgs.python312Packages.mypy-boto3-storagegateway
Type annotations for boto3 storagegateway
-
nixos-unstable -
- nixpkgs-unstable boto3-storagegateway-1.40.0
pkgs.python313Packages.mypy-boto3-backup-gateway
Type annotations for boto3 backup-gateway
-
nixos-unstable -
- nixpkgs-unstable boto3-backup-gateway-1.40.15
pkgs.python313Packages.mypy-boto3-storagegateway
Type annotations for boto3 storagegateway
-
nixos-unstable -
- nixpkgs-unstable boto3-storagegateway-1.40.0
pkgs.home-assistant-component-tests.ruuvi_gateway
Open source home automation that puts local control and privacy first
-
nixos-unstable -
- nixpkgs-unstable 2025.9.3
pkgs.home-assistant-component-tests.quantum_gateway
Open source home automation that puts local control and privacy first
-
nixos-unstable -
- nixpkgs-unstable 2025.9.3
pkgs.python312Packages.types-aiobotocore-apigateway
Type annotations for aiobotocore apigateway
-
nixos-unstable -
- nixpkgs-unstable 2.23.2
pkgs.python313Packages.types-aiobotocore-apigateway
Type annotations for aiobotocore apigateway
-
nixos-unstable -
- nixpkgs-unstable 2.23.2
pkgs.haskellPackages.amazonka-apigatewaymanagementapi
Amazon ApiGatewayManagementApi SDK
-
nixos-unstable -
- nixpkgs-unstable 2.0
pkgs.home-assistant-custom-components.xiaomi_gateway3
Home Assistant custom component for control Xiaomi Multimode Gateway (aka Gateway 3), Xiaomi Multimode Gateway 2, Aqara Hub E1 on default firmwares over LAN
-
nixos-unstable -
- nixpkgs-unstable xiaomi_gateway3-4.1.2
pkgs.python312Packages.types-aiobotocore-apigatewayv2
Type annotations for aiobotocore apigatewayv2
-
nixos-unstable -
- nixpkgs-unstable apigatewayv2-2.23.2
pkgs.python313Packages.types-aiobotocore-apigatewayv2
Type annotations for aiobotocore apigatewayv2
-
nixos-unstable -
- nixpkgs-unstable apigatewayv2-2.23.2
pkgs.python312Packages.types-aiobotocore-backup-gateway
Type annotations for aiobotocore backup-gateway
-
nixos-unstable -
- nixpkgs-unstable 2.23.2
pkgs.python312Packages.types-aiobotocore-storagegateway
Type annotations for aiobotocore storagegateway
-
nixos-unstable -
- nixpkgs-unstable 2.23.2
pkgs.python313Packages.types-aiobotocore-backup-gateway
Type annotations for aiobotocore backup-gateway
-
nixos-unstable -
- nixpkgs-unstable 2.23.2
pkgs.python313Packages.types-aiobotocore-storagegateway
Type annotations for aiobotocore storagegateway
-
nixos-unstable -
- nixpkgs-unstable 2.23.2
pkgs.python312Packages.mypy-boto3-apigatewaymanagementapi
Type annotations for boto3 apigatewaymanagementapi
-
nixos-unstable -
- nixpkgs-unstable boto3-apigatewaymanagementapi-1.40.15
pkgs.python313Packages.mypy-boto3-apigatewaymanagementapi
Type annotations for boto3 apigatewaymanagementapi
-
nixos-unstable -
- nixpkgs-unstable boto3-apigatewaymanagementapi-1.40.15
pkgs.python312Packages.types-aiobotocore-apigatewaymanagementapi
Type annotations for aiobotocore apigatewaymanagementapi
-
nixos-unstable -
- nixpkgs-unstable 2.23.2
pkgs.python313Packages.types-aiobotocore-apigatewaymanagementapi
Type annotations for aiobotocore apigatewaymanagementapi
-
nixos-unstable -
- nixpkgs-unstable 2.23.2
Package maintainers
-
@katexochen Paul Meyer <katexochen0@gmail.com>
-
@ulrikstrid Ulrik Strid <ulrik.strid@outlook.com>
-
@stv0g Steffen Vogel <post@steffenvogel.de>
-
@oddlama oddlama <oddlama@oddlama.org>
-
@PatrickDaG Patrick <patrick-nixos@failmail.dev>
-
@happyalu Alok Parlikar <alok@parlikar.com>
-
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
-
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
-
@azuwis Zhong Jianxin <azuwis@gmail.com>
-
@arikgrahl Arik Grahl <mail@arik-grahl.de>
-
@fpletz Franz Pletz <fpletz@fnordicwalking.de>
-
@thiagokokada Thiago K. Okada <thiagokokada@gmail.com>
-
@jamesward James Ward <james@jamesward.com>
-
@theCapypara Marco Köpcke <hello@capypara.de>
-
@leona-ya Leona Maroni <nix@leona.is>
-
@edwtjo Edward Tjörnhammar <ed@cflags.cc>
-
@benley Benjamin Staffin <benley@gmail.com>
-
@mbalatsko Maksym Balatsko <mbalatsko@gmail.com>