cvelist Apache CVELIST:CVE-2022-29266
History: Apr 20, 2022 - 7:15 a.m.

CVE-2022-29266 apisix/jwt-auth may leak secrets in error response

2022-04-20 07:15:13
CWE-209
apache
www.cve.org
3
cve-2022-29266
apisix/jwt-auth
leak secrets
error response
lua-resty-jwt

EPSS

0.001

Percentile

47.5%

In Apache APISIX before 2.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information.

CNA Affected

[
  {
    "product": "Apache APISIX",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "2.13.0",
        "status": "affected",
        "version": "Apache APISIX",
        "versionType": "custom"
      }
    ]
  }
]
