Improper Access Control Vulnerability in Kong Gateway JWT Plugin
CVE-2021-27306
7.5HIGH
What is CVE-2021-27306?
The JWT plugin in Kong Gateway prior to version 2.3.2.0 is susceptible to an improper access control vulnerability. This flaw permits unauthenticated users to gain access to authenticated routes without the necessity of a valid JWT token. Such unauthorized access can lead to exposure of sensitive data and resources, posing significant security risks. Users are encouraged to update their Kong Gateway to the latest version to mitigate this vulnerability and enhance their overall security posture.
