Description

An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT.

Remediation

References

CVE-2021-27306

Related Vulnerabilities

WordPress Plugin FAQ Multiple Cross-Site Scripting Vulnerabilities (1.0.14)

WordPress Plugin Another WordPress Classifieds Multiple Vulnerabilities (2.2.1)

Python Other Vulnerability (CVE-2015-5652)

WordPress Plugin Breezing Forms Cross-Site Scripting (1.2.7.33)

phpBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-6506)

Severity

High

Classification

CVE-2021-27306 CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities