docs: add CVE-45232 post

website/blog/2021/12/28/dashboard-cve-2021-45232.md

@@ -0,0 +1,46 @@
+---
+title: "Apache APISIX Dashboard Unauthorized Access Vulnerability Announcement (CVE-2021-45232)"
+author: "Junxu Chen"
+authorURL: "https://github.com/nic-chen"
+authorImageURL: "https://avatars.githubusercontent.com/u/33000667?v=4"
+keywords: 
+- Apache APISIX
+- APISIX Dashboard
+- APISIX Route
+- Unauthorized Access
+- CVE
+description: There is a security vulnerability of unauthorized access in Apache APISIX Dashboard 2.7-2.10, and the processing information will be announced.
+tags: [Security]
+---
+
+> There is a security vulnerability of unauthorized access in Apache APISIX Dashboard 2.7-2.10, and the processing information will be announced.
+
+<!--truncate-->
+
+## Problem description
+
+Attackers can access certain interfaces without logging in to Apache APISIX Dashboard, thus making unauthorized changes or obtaining relevant configuration information such as Apache APISIX Route, Upstream, Service, etc., and cause problems such as SSRF, malicious traffic proxies built by attackers, and arbitrary code execution.
+
+## Affected Versions
+
+Apache APISIX Dashboard versions 2.7 - 2.10
+
+## Solution
+
+Please update to Apache APISIX Dashboard version 2.10.1 and above.
+
+## Security Recommendations
+
+It is recommended that users change their default user name and password in a timely manner and restrict source IP access to the Apache APISIX Dashboard.
+
+## Vulnerability details
+
+Vulnerability public date: December 27, 2021
+
+CVE details: https://nvd.nist.gov/vuln/detail/CVE-2021-45232
+
+## Contributor Profile
+
+This vulnerability was discovered by Yucheng Zhu of the Security Team at Yuanbao Technology and reported to the Apache Software Foundation. Thank you for your contributions to the Apache APISIX community.
+
+![Yuanbao Technology](https://static.apiseven.com/202108/1640324848257-4978eaac-bfd7-4265-82d2-9c024956b933.png)

website/i18n/zh/docusaurus-plugin-content-blog/2021/12/28/dashboard-cve-2021-45232.md

@@ -0,0 +1,46 @@
+---
+title: "Apache APISIX Dashboard 未授权访问漏洞公告（CVE-2021-45232)"
+author: "陈军旭"
+authorURL: "https://github.com/nic-chen"
+authorImageURL: "https://avatars.githubusercontent.com/u/33000667?v=4"
+keywords: 
+- Apache APISIX
+- APISIX Dashboard
+- APISIX Route
+- 任意代码执行
+- 授权访问
+description: 在 Apache APISIX Dashboard 2.7-2.10 版本中出现了未经授权访问的安全漏洞，现将处理信息进行相关公告。
+tags: [Security]
+---
+
+> 在 Apache APISIX Dashboard 2.7-2.10 版本中出现了未经授权访问的安全漏洞，现将处理信息进行相关公告。
+
+<!--truncate-->
+
+## 问题描述
+
+攻击者无需登录 Apache APISIX Dashboard 即可访问某些接口，从而进行未授权更改或获取 Apache APISIX Route、Upstream、Service 等相关配置信息，并造成 SSRF、攻击者搭建恶意流量代理和任意代码执行等问题。
+
+## 影响版本
+
+Apache APISIX Dashboard 2.7 - 2.10 版本
+
+## 解决方案
+
+请及时更新至 Apache APISIX Dashboard 2.10.1 及以上版本。
+
+## 安全建议
+
+建议用户及时更改默认用户名与密码，并限制来源 IP 访问 Apache APISIX Dashboard。
+
+## 漏洞详情
+
+漏洞公开时间：2021 年 12 月 27 日
+
+CVE 详细信息：https://nvd.nist.gov/vuln/detail/CVE-2021-45232
+
+## 贡献者简介
+
+该漏洞由源堡科技安全团队的朱禹成发现，并向 Apache 软件基金会上报该漏洞。感谢各位对 Apache APISIX 社区的贡献。
+
+![源堡科技](https://static.apiseven.com/202108/1640324848257-4978eaac-bfd7-4265-82d2-9c024956b933.png)