Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information.
No PoCs from references.
- https://github.com/43622283/cloud-security-guides
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/ARPSyndicate/cvemon
- https://github.com/GRQForCloud/cloud-security-guides
- https://github.com/J1ezds/Vulnerability-Wiki-page
- https://github.com/Threekiii/Awesome-POC
- https://github.com/XiaomingX/awesome-poc-for-red-team
- https://github.com/YDCloudSecurity/cloud-security-guides
- https://github.com/karimhabush/cyberowl
- https://github.com/teamssix/awesome-cloud-security