variot - var-202204-1318

VAR-202204-1318

Vulnerability from variot - Updated: 2023-12-18 13:22

In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information. Apache Apisix is a cloud-native microservice API gateway service of the Apache Foundation. The software is implemented based on OpenResty and etcd, with dynamic routing and plug-in hot loading, suitable for API management under the microservice system. An attacker could exploit this vulnerability to obtain the secret configured by the plugin by sending an incorrect JSON Web Token to a route protected by the jwt-auth plugin and responding with an error message

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202204-1318",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "apisix",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "apache",
        "version": "2.13.1"
      },
      {
        "model": "apisix",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apache",
        "version": "2.13.1"
      },
      {
        "model": "apisix",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apache",
        "version": null
      },
      {
        "model": "apisix",
        "scope": null,
        "trust": 0.8,
        "vendor": "apache",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-38523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-008621"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29266"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.13.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-29266"
      }
    ]
  },
  "cve": "CVE-2022-29266",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2022-29266",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2022-38523",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-29266",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-29266",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2022-38523",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202204-3886",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-29266",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-38523"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-29266"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-008621"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29266"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3886"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user\u0027s secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information. Apache Apisix is a cloud-native microservice API gateway service of the Apache Foundation. The software is implemented based on OpenResty and etcd, with dynamic routing and plug-in hot loading, suitable for API management under the microservice system. An attacker could exploit this vulnerability to obtain the secret configured by the plugin by sending an incorrect JSON Web Token to a route protected by the jwt-auth plugin and responding with an error message",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-29266"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-008621"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-38523"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-29266"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-29266",
        "trust": 3.9
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2022/04/20/1",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-008621",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-38523",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022042003",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3886",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-29266",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-38523"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-29266"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-008621"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29266"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3886"
      }
    ]
  },
  "id": "VAR-202204-1318",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-38523"
      }
    ],
    "trust": 1.225
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-38523"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:22:28.695000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Apache Apisix Information Disclosure Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/333271"
      },
      {
        "title": "Apache Apisix Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=190171"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-38523"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3886"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-209",
        "trust": 1.0
      },
      {
        "problemtype": "Information leakage due to error message (CWE-209) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-008621"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29266"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://lists.apache.org/thread/6qpfyxogbvn18g9xr8g218jjfjbfsbhr"
      },
      {
        "trust": 2.5,
        "url": "http://www.openwall.com/lists/oss-security/2022/04/20/1"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29266"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-29266/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022042003"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/209.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-38523"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-29266"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-008621"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29266"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3886"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-38523"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-29266"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-008621"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29266"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3886"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-05-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-38523"
      },
      {
        "date": "2022-04-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-29266"
      },
      {
        "date": "2023-07-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-008621"
      },
      {
        "date": "2022-04-20T08:15:07.740000",
        "db": "NVD",
        "id": "CVE-2022-29266"
      },
      {
        "date": "2022-04-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202204-3886"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-05-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-38523"
      },
      {
        "date": "2022-04-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-29266"
      },
      {
        "date": "2023-07-28T08:04:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-008621"
      },
      {
        "date": "2022-04-29T23:38:22.927000",
        "db": "NVD",
        "id": "CVE-2022-29266"
      },
      {
        "date": "2022-05-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202204-3886"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3886"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache\u00a0Software\u00a0Foundation\u00a0 of \u00a0APISIX\u00a0 Vulnerability regarding information leakage due to error messages in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-008621"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-3886"
      }
    ],
    "trust": 0.6
  }
}

CVE-2022-29266 (GCVE-0-2022-29266)

Vulnerability from cvelistv5 – Published: 2022-04-20 07:15 – Updated: 2024-08-03 06:17

Summary

Severity ?

No CVSS data available.

CWE

CWE-209 - Generation of Error Message Containing Sensitive Information

Assigner

apache

References

URL

Tags

	https://lists.apache.org/thread/6qpfyxogbvn18g9xr…	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2022/04/20/1	mailing-listx_refsource_MLIST

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache APISIX	Affected: Apache APISIX , ≤ 2.13.0 (custom)

Credits

Discovered and reported by a team from Kingdee Software (China) Ltd. consisting of Zhongyuan Tang, Hongfeng Xie, and Bing Chen.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:17:54.494Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/6qpfyxogbvn18g9xr8g218jjfjbfsbhr"
          },
          {
            "name": "[oss-security] 20220420 CVE-2022-29266: Apache APISIX: apisix/jwt-auth may leak secrets in error response",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/04/20/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache APISIX",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.13.0",
              "status": "affected",
              "version": "Apache APISIX",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Discovered and reported by a team from Kingdee Software (China) Ltd. consisting of Zhongyuan Tang, Hongfeng Xie, and Bing Chen."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user\u0027s secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "critical"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-209",
              "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-25T12:10:09",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread/6qpfyxogbvn18g9xr8g218jjfjbfsbhr"
        },
        {
          "name": "[oss-security] 20220420 CVE-2022-29266: Apache APISIX: apisix/jwt-auth may leak secrets in error response",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/04/20/1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "apisix/jwt-auth may leak secrets in error response",
      "workarounds": [
        {
          "lang": "en",
          "value": "1. Upgrade to 2.13.1 and above\n\n2. Apply the following patch to Apache APISIX and rebuild it:\nThis will make this error message no longer contain sensitive information and return a fixed error message to the caller.\nFor the current LTS 2.13.x or master:\nhttps://github.com/apache/apisix/pull/6846\nhttps://github.com/apache/apisix/pull/6847\nhttps://github.com/apache/apisix/pull/6858\nFor the last LTS 2.10.x:\nhttps://github.com/apache/apisix/pull/6847\nhttps://github.com/apache/apisix/pull/6855\n\n3. Manually modify the version you are using according to the commit above and rebuild it to circumvent the vulnerability."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2022-29266",
          "STATE": "PUBLIC",
          "TITLE": "apisix/jwt-auth may leak secrets in error response"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache APISIX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "Apache APISIX",
                            "version_value": "2.13.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Discovered and reported by a team from Kingdee Software (China) Ltd. consisting of Zhongyuan Tang, Hongfeng Xie, and Bing Chen."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user\u0027s secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": [
          {
            "other": "critical"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-209 Generation of Error Message Containing Sensitive Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread/6qpfyxogbvn18g9xr8g218jjfjbfsbhr",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread/6qpfyxogbvn18g9xr8g218jjfjbfsbhr"
            },
            {
              "name": "[oss-security] 20220420 CVE-2022-29266: Apache APISIX: apisix/jwt-auth may leak secrets in error response",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/04/20/1"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "1. Upgrade to 2.13.1 and above\n\n2. Apply the following patch to Apache APISIX and rebuild it:\nThis will make this error message no longer contain sensitive information and return a fixed error message to the caller.\nFor the current LTS 2.13.x or master:\nhttps://github.com/apache/apisix/pull/6846\nhttps://github.com/apache/apisix/pull/6847\nhttps://github.com/apache/apisix/pull/6858\nFor the last LTS 2.10.x:\nhttps://github.com/apache/apisix/pull/6847\nhttps://github.com/apache/apisix/pull/6855\n\n3. Manually modify the version you are using according to the commit above and rebuild it to circumvent the vulnerability."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2022-29266",
    "datePublished": "2022-04-20T07:15:13",
    "dateReserved": "2022-04-15T00:00:00",
    "dateUpdated": "2024-08-03T06:17:54.494Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

VAR-202204-1318

CVE-2022-29266 (GCVE-0-2022-29266)

Tags

Sightings

Nomenclature