Unrated severity · NVD Advisory · Published Apr 20, 2022 · Updated Aug 3, 2024
apisix/jwt-auth may leak secrets in error response
CVE-2022-29266
Description
In Apache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information.
References
- www.openwall.com/lists/oss-security/2022/04/20/1 (mitre, mailing-list, x_refsource_MLIST)
- lists.apache.org/thread/6qpfyxogbvn18g9xr8g218jjfjbfsbhr (mitre, x_refsource_MISC)