How severe is CVE-2022-29266?

CVE-2022-29266 has a CVSS v3 score of 7.5 (HIGH).

CVE-2022-29266

Name: apisix
Author: apache

7.5HIGH

In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive inform

Veröffentlicht: 4/20/2022Aktualisiert: 11/21/2024

Beschreibung

In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information.

KI-AnalyseKI-gestützt

Betroffene Produkte

apacheapisix

Referenzen

http://www.openwall.com/lists/oss-security/2022/04/20/1
Mailing ListThird Party Advisory
https://lists.apache.org/thread/6qpfyxogbvn18g9xr8g218jjfjbfsbhr
Mailing ListVendor Advisory
http://www.openwall.com/lists/oss-security/2022/04/20/1
Mailing ListThird Party Advisory
https://lists.apache.org/thread/6qpfyxogbvn18g9xr8g218jjfjbfsbhr
Mailing ListVendor Advisory