Vulnerability Details CVE-2021-27306
An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users to access authenticated routes without a valid JWT.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 79.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 4.3
Products affected by CVE-2021-27306
- cpe:2.3:a:konghq:kong_gateway:-
- cpe:2.3:a:konghq:kong_gateway:0.30
- cpe:2.3:a:konghq:kong_gateway:0.31
- cpe:2.3:a:konghq:kong_gateway:0.31-1
- cpe:2.3:a:konghq:kong_gateway:0.32
- cpe:2.3:a:konghq:kong_gateway:0.33
- cpe:2.3:a:konghq:kong_gateway:0.33-1
- cpe:2.3:a:konghq:kong_gateway:0.33-2
- cpe:2.3:a:konghq:kong_gateway:0.34
- cpe:2.3:a:konghq:kong_gateway:0.34-1
- cpe:2.3:a:konghq:kong_gateway:0.35
- cpe:2.3:a:konghq:kong_gateway:0.35-1
- cpe:2.3:a:konghq:kong_gateway:0.35-2
- cpe:2.3:a:konghq:kong_gateway:0.35-3
- cpe:2.3:a:konghq:kong_gateway:0.35-4
- cpe:2.3:a:konghq:kong_gateway:0.35-5
- cpe:2.3:a:konghq:kong_gateway:0.36
- cpe:2.3:a:konghq:kong_gateway:0.36-1
- cpe:2.3:a:konghq:kong_gateway:0.36-2
- cpe:2.3:a:konghq:kong_gateway:0.36-3
- cpe:2.3:a:konghq:kong_gateway:0.36-4
- cpe:2.3:a:konghq:kong_gateway:0.36-5
- cpe:2.3:a:konghq:kong_gateway:0.36-6
- cpe:2.3:a:konghq:kong_gateway:0.36-7
- cpe:2.3:a:konghq:kong_gateway:1.3
- cpe:2.3:a:konghq:kong_gateway:1.3.0.1
- cpe:2.3:a:konghq:kong_gateway:1.3.0.2
- cpe:2.3:a:konghq:kong_gateway:1.3.0.3
- cpe:2.3:a:konghq:kong_gateway:1.5.0.0
- cpe:2.3:a:konghq:kong_gateway:1.5.0.1
- cpe:2.3:a:konghq:kong_gateway:1.5.0.2
- cpe:2.3:a:konghq:kong_gateway:1.5.0.3
- cpe:2.3:a:konghq:kong_gateway:1.5.0.4
- cpe:2.3:a:konghq:kong_gateway:1.5.0.5
- cpe:2.3:a:konghq:kong_gateway:1.5.0.6
- cpe:2.3:a:konghq:kong_gateway:1.5.0.7
- cpe:2.3:a:konghq:kong_gateway:1.5.0.8
- cpe:2.3:a:konghq:kong_gateway:1.5.0.9
- cpe:2.3:a:konghq:kong_gateway:2.1.0.0
- cpe:2.3:a:konghq:kong_gateway:2.1.3.0
- cpe:2.3:a:konghq:kong_gateway:2.1.3.1
- cpe:2.3:a:konghq:kong_gateway:2.1.4.0
- cpe:2.3:a:konghq:kong_gateway:2.1.4.1
- cpe:2.3:a:konghq:kong_gateway:2.1.4.2
- cpe:2.3:a:konghq:kong_gateway:2.1.4.3
- cpe:2.3:a:konghq:kong_gateway:2.2.0.0
- cpe:2.3:a:konghq:kong_gateway:2.2.1.0