Published: 20/04/2022 Updated: 29/04/2022

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

In APache APISIX prior to 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache apisix

Cloud Security Guides Cloud Security Guides 是由腾讯安全云鼎实验室维护的一个云计算安全知识库项目，用来收集云安全研究期间发现的优秀资源、文献、典型云安全漏洞以及知识图谱等，并以云参考模型架构为依托，将云上安全资源进行分类编排，为云上安全能力建设工作提供一份参考指南。Cl

CWE-209 https://lists.apache.org/thread/6qpfyxogbvn18g9xr8g218jjfjbfsbhr http://www.openwall.com/lists/oss-security/2022/04/20/1 https://nvd.nist.gov https://github.com/GRQForCloud/cloud-security-guides

CVE-2022-29266

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect