An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT.
References
Configurations
History
07 Nov 2023, 03:31
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
12 Jul 2022, 17:42
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-706 |
24 Mar 2021, 12:36
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://docs.konghq.com/enterprise/changelog/#core-1 - Vendor Advisory | |
References | (MISC) https://medium.com/@sew.campos/cve-2021-27306-access-an-authenticated-route-on-kong-api-gateway-6ae3d81968a3 - Exploit, Patch, Third Party Advisory | |
CPE | cpe:2.3:a:konghq:kong_gateway:*:*:*:*:enterprise:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 7.5 |
CWE | CWE-863 |
19 Mar 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary | An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT. |
18 Mar 2021, 15:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-18 15:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-27306
Mitre link : CVE-2021-27306
CVE.ORG link : CVE-2021-27306
JSON object : View
Products Affected
konghq
- kong_gateway
CWE
CWE-706
Use of Incorrectly-Resolved Name or Reference