How severe is CVE-2022-29266?

CVE-2022-29266 has a CVSS v3 score of 7.5 (HIGH).

CVE-2022-29266

Name: apisix
Author: apache

7.5HIGH

In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive inform

公開日: 4/20/2022更新日: 11/21/2024

説明

In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information.

AI分析AIによる分析

影響を受ける製品

apacheapisix

参照

http://www.openwall.com/lists/oss-security/2022/04/20/1
Mailing ListThird Party Advisory
https://lists.apache.org/thread/6qpfyxogbvn18g9xr8g218jjfjbfsbhr
Mailing ListVendor Advisory
http://www.openwall.com/lists/oss-security/2022/04/20/1
Mailing ListThird Party Advisory
https://lists.apache.org/thread/6qpfyxogbvn18g9xr8g218jjfjbfsbhr
Mailing ListVendor Advisory