CVE-2021-27306

High

An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to…

mitre·CWE-706·Published 2021-03-18

CVSS

7.5

EPSS

0.02

KEV

Exploits

cve.orgen

178 chars

An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT.

NVDen

178 chars

An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT.

NVDes

204 chars

Una vulnerabilidad de control de acceso inapropiado en el plugin JWT en Kong Gateway versiones anteriores a 2.3.0.0, permite a usuarios no autenticados acceder a rutas autenticadas sin un token JWT válido

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N