WSO2 API Manager
cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*
- 4.3.0
- 4.2.0
- 4.1.0
- 4.0.0
- 3.2.1
- 3.2.0
An incorrect authorization vulnerability has been identified in multiple WSO2 products, including WSO2 API Manager, WSO2 Enterprise Integrator, WSO2 Identity Server, and WSO2 Open Banking solutions. The flaw allows unauthorized access to versioned files stored in the registry: the authorization logic applied to versioned copies of a resource is incorrect, so a malicious actor who already has access to the management console can retrieve versioned files that the actor is not authorized to read. Successful exploitation discloses configuration or resource files, which may facilitate further attacks or system reconnaissance.
The impact is unauthorized read access to versioned files in the registry. Because versioned copies are earlier snapshots of a resource, they can still hold configuration or resource content that has since been changed in the live copy, so the disclosed material may be usable for further attacks or for reconnaissance of the deployment.
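The flaw class the advisory describes, a per-resource authorization check that the version-history code path does not apply, can be illustrated with a small model. The following is an added example written for this page, not WSO2's registry code or its fix, and it does not claim to reproduce the exact WSO2 logic; the `;version:N` path syntax, the ACL layout, the `User` type and the `naive_can_read`/`hardened_can_read` functions are all assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

# Assumed marker for addressing a stored historical copy of a resource,
# e.g. "/_system/config/keystore.xml;version:1".  This syntax is an
# assumption for the illustration, not taken from the advisory or WSO2.
VERSION_SEP = ";version:"

# Constructed ACL: base resource path -> roles allowed to read it.
ACL: Dict[str, Set[str]] = {
    "/_system/config/keystore.xml": {"admin"},
    "/_system/governance/apis/public.yaml": {"admin", "publisher", "everyone"},
}

# Constructed registry contents: base path -> {version number: content}.
STORE: Dict[str, Dict[int, str]] = {
    "/_system/config/keystore.xml": {1: "password=old-secret", 2: "password=new-secret"},
    "/_system/governance/apis/public.yaml": {1: "openapi: 3.0.0"},
}


@dataclass
class User:
    name: str
    roles: Set[str]
    authenticated: bool = True  # has a management console session


def split_version(raw_path: str) -> Tuple[str, Optional[int]]:
    """Return (base_path, version); version is None for the live copy."""
    if VERSION_SEP in raw_path:
        base, ver = raw_path.split(VERSION_SEP, 1)
        return base, int(ver)
    return raw_path, None


def naive_can_read(raw_path: str, user: User) -> bool:
    """Flawed check (illustration of the bug class, not WSO2's code).

    The live resource is checked against the ACL, but the version-history
    code path only confirms that the caller is logged in, so any console
    user can read old versions of a resource they may not read live.
    """
    base, ver = split_version(raw_path)
    if ver is not None:
        return user.authenticated  # bug: per-resource ACL is skipped
    return bool(ACL.get(base, set()) & user.roles)


def hardened_can_read(raw_path: str, user: User) -> bool:
    """Fixed check: every version inherits the ACL of its base resource,
    and a resource with no ACL entry is denied rather than allowed."""
    if not user.authenticated:
        return False
    base, _ = split_version(raw_path)
    allowed = ACL.get(base)
    if allowed is None:
        return False  # fail closed on unknown resources
    return bool(allowed & user.roles)


def fetch(raw_path: str, user: User, check) -> Optional[str]:
    """Return the requested (possibly versioned) content, or None if denied."""
    if not check(raw_path, user):
        return None
    base, ver = split_version(raw_path)
    versions = STORE[base]
    return versions[ver if ver is not None else max(versions)]


if __name__ == "__main__":
    guest = User("guest", {"everyone"})
    for check in (naive_can_read, hardened_can_read):
        for path in ("/_system/config/keystore.xml",
                     "/_system/config/keystore.xml;version:1"):
            print(f"{check.__name__:18} {path:45} -> {fetch(path, guest, check)!r}")
```

The hardened variant makes two changes that generalise beyond this model: it canonicalises the request to the base resource before consulting the ACL, so every alternative way of addressing the same resource (a numbered version here, but equally a history listing, diff or raw export endpoint) is governed by the same rule, and it fails closed when no rule exists instead of treating "unknown" as readable.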
Users of WSO2 products can apply the relevant fixes available on the WSO2 GitHub repository. Support subscription holders can update their product to the specified update level to apply the fix.