How severe is CVE-2022-29266?

CVE-2022-29266 has a CVSS v3 score of 7.5 (HIGH).

CVE-2022-29266

Name: apisix
Author: apache

7.5HIGH

In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive inform

게시됨: 4/20/2022업데이트됨: 11/21/2024

설명

In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information.

AI 분석AI 기반

영향받는 제품

apacheapisix

참조

http://www.openwall.com/lists/oss-security/2022/04/20/1
Mailing ListThird Party Advisory
https://lists.apache.org/thread/6qpfyxogbvn18g9xr8g218jjfjbfsbhr
Mailing ListVendor Advisory
http://www.openwall.com/lists/oss-security/2022/04/20/1
Mailing ListThird Party Advisory
https://lists.apache.org/thread/6qpfyxogbvn18g9xr8g218jjfjbfsbhr
Mailing ListVendor Advisory