BIT-apisix-2022-29266
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/apisix/BIT-apisix-2022-29266.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-apisix-2022-29266
- Aliases
- Published
- 2024-03-06T10:50:44.063Z
- Modified
- 2025-05-20T10:02:07.006Z
- Summary
- apisix/jwt-auth may leak secrets in error response
- Details
-
In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information.
- Database specific
{ "cpes": [ "cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*" ], "severity": "High" }- References
Affected packages
Bitnami / apisix
Package
- Name
- apisix
- Purl
- pkg:bitnami/apisix
Severity
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator