mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
1.1 KiB
1.1 KiB
CVE-2022-29266
Description
In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information.
POC
Reference
No PoCs from references.
Github
- https://github.com/43622283/cloud-security-guides
- https://github.com/ARPSyndicate/cvemon
- https://github.com/GRQForCloud/cloud-security-guides
- https://github.com/Threekiii/Awesome-POC
- https://github.com/YDCloudSecurity/cloud-security-guides
- https://github.com/karimhabush/cyberowl
- https://github.com/teamssix/awesome-cloud-security