4 matches found
CVE-2021-27306
An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT...
CVE-2021-27306
creationtimestamp| type| source ---|---|--- 2021-03-27 15:45:55+00:00| published-proof-of-concept| Telegram/TfMWHpobLQZdhqfWLjB12kVYpFQ7OxtzeB1xhzf0NUhkxw...
CVE-2021-27306
An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT...
CVE-2021-27306
CVE-2021-27306 involves Kong Gateway’s JWT plugin, where an improper access control flaw lets unauthenticated users reach authenticated routes without a valid JWT. The issue affects Kong Gateway versions before 2.3.2.0 and stems from insufficient authorization checks in the JWT plugin. Impact is ...