Red Hat 3scale Amp


By the Year

In 2026 there have been 0 vulnerabilities in Red Hat 3scale Amp. Last year, in 2025, Red Hat 3scale Amp had 2 security vulnerabilities published. Right now, Red Hat 3scale Amp is on track to have fewer security vulnerabilities in 2026 than it did last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 2 6.45
2024 3 6.37
2023 2 5.40

It may take a day or so for new Red Hat 3scale Amp vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Red Hat 3scale Amp Security Vulnerabilities

3scale DevPortal Hidden Field Priv Escalation
CVE-2024-12125 7.5 - High - November 06, 2025

A flaw was found in the 3scale Developer Portal. When creating or updating an account in the Developer Portal UI it is possible to modify fields explicitly configured as read-only or hidden, allowing an attacker to modify restricted information.

Improper Preservation of Permissions

serialize-javascript XSS via unsanitized regex input
CVE-2024-11831 5.4 - Medium - February 10, 2025

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.

XSS

APICast Gateway Bypass via Malformed Basic Auth (CVE-2024-10295)
CVE-2024-10295 7.5 - High - October 24, 2024

A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue can occur due to a failure in the base64 decoding process, which causes APICast to skip the rest of the authentication checks and proceed with routing the request upstream.

AuthZ

3Scale: Insecure Access to Developer Invoice PDFs (No Auth)
CVE-2024-9671 5.3 - Medium - October 09, 2024

A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed.

AuthZ

3Scale OIDC Token Introspection Bypass in RH-SSO 7.5
CVE-2024-0560 6.3 - Medium - February 28, 2024

A vulnerability was found in 3Scale when used with Keycloak 15 (or RHSSO 7.5.0) and later. When the auth_type is use_3scale_oidc_issuer_endpoint, the Token Introspection policy discovers the Token Introspection endpoint from the token_introspection_endpoint field, but that field was removed in RH-SSO 7.5. As a result, the policy does not inspect tokens at all and treats every token as valid.

Improper Handling of Insufficient Permissions or Privileges

3Scale Admin Portal Cached Personal Tokens Exposed Post-Logout
CVE-2023-4910 5.5 - Medium - November 06, 2023

A flaw was found in the 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache.

Exposure of Resource to Wrong Sphere

Memory Leak in ruby-magick causes DOS via Memory Exhaustion
CVE-2023-5349 5.3 - Medium - October 30, 2023

A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DoS) through memory exhaustion.

Memory Leak

Vendor: Red Hat
