Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2022-29266
HistoryApr 20, 2022 - 8:15 a.m.

CVE-2022-29266

2022-04-2008:15:07
Google
osv.dev
3
cve-2022-29266
apache apisix
jwt-auth plugin
security issue
lua-resty-jwt

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

47.5%

JSON

In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user’s secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information.

Related

nvd 1
nessus 1
cvelist 1
osv 1
prion 1
cve 1
nvd
nvd
CVE-2022-29266
2022-04-20 08:15:07
nessus
nessus
Apache APISIX < 2.13.1 Information Disclosure
2022-06-01 00:00:00
cvelist
cvelist
CVE-2022-29266 apisix/jwt-auth may leak secrets in error response
2022-04-20 07:15:13
osv
osv
BIT-apisix-2022-29266
2024-03-06 10:50:44
prion
prion
Information disclosure
2022-04-20 08:15:00
cve
cve
CVE-2022-29266
2022-04-20 08:15:07

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

47.5%

JSON
Related for OSV:CVE-2022-29266
nvd1nessus1cvelist1osv1prion1cve1