How severe is CVE-2022-29266?

CVE-2022-29266 has a CVSS v3 score of 7.5 (HIGH).

CVE-2022-29266

Name: apisix
Author: apache

7.5HIGH

In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive inform

发布于: 4/20/2022更新于: 11/21/2024

描述

In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information.

AI分析AI驱动

受影响产品

apacheapisix

参考资料

http://www.openwall.com/lists/oss-security/2022/04/20/1
Mailing ListThird Party Advisory
https://lists.apache.org/thread/6qpfyxogbvn18g9xr8g218jjfjbfsbhr
Mailing ListVendor Advisory
http://www.openwall.com/lists/oss-security/2022/04/20/1
Mailing ListThird Party Advisory
https://lists.apache.org/thread/6qpfyxogbvn18g9xr8g218jjfjbfsbhr
Mailing ListVendor Advisory