How severe is CVE-2022-29266?

CVE-2022-29266 has a CVSS v3 score of 7.5 (HIGH).

CVE-2022-29266

Name: apisix
Author: apache

7.5HIGH

In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive inform

Published: 4/20/2022Updated: 11/21/2024

Description

In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information.

AI AnalysisPowered by AI

Affected Products

apacheapisix

References

http://www.openwall.com/lists/oss-security/2022/04/20/1
Mailing ListThird Party Advisory
https://lists.apache.org/thread/6qpfyxogbvn18g9xr8g218jjfjbfsbhr
Mailing ListVendor Advisory
http://www.openwall.com/lists/oss-security/2022/04/20/1
Mailing ListThird Party Advisory
https://lists.apache.org/thread/6qpfyxogbvn18g9xr8g218jjfjbfsbhr
Mailing ListVendor Advisory