CVE-2021-27306

An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT.
Configurations

Configuration 1 (hide)

cpe:2.3:a:konghq:kong_gateway:*:*:*:*:enterprise:*:*:*

History

07 Nov 2023, 03:31

Type Values Removed Values Added
References
  • {'url': 'https://medium.com/@sew.campos/cve-2021-27306-access-an-authenticated-route-on-kong-api-gateway-6ae3d81968a3', 'name': 'https://medium.com/@sew.campos/cve-2021-27306-access-an-authenticated-route-on-kong-api-gateway-6ae3d81968a3', 'tags': ['Exploit', 'Patch', 'Third Party Advisory'], 'refsource': 'MISC'}
  • () https://medium.com/%40sew.campos/cve-2021-27306-access-an-authenticated-route-on-kong-api-gateway-6ae3d81968a3 -

Information

Published : 2021-03-18 15:15

Updated : 2024-02-28 18:08


NVD link : CVE-2021-27306

Mitre link : CVE-2021-27306

CVE.ORG link : CVE-2021-27306


JSON object : View

Products Affected

konghq

  • kong_gateway
CWE
CWE-706

Use of Incorrectly-Resolved Name or Reference