CVE-2021-27306

Name of the Vulnerable Software and Affected Versions Kong Gateway versions prior to 2.3.2.0

Description The issue is related to an improper access control vulnerability in the JWT plugin. This vulnerability allows unauthenticated users to access authenticated routes without a valid token JWT.

Recommendations For versions prior to 2.3.2.0, update to version 2.3.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to authenticated routes until the update is applied.