Security Advisory

CVE-2022-29266

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-04-20 07:15:13

Last updated 2024-08-03 06:17:54

Assigner apache

State PUBLISHED

Description

In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the users secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information.

← Browse all CVEs View on cve.org ↗