PT-2023-12162 · Mosn · Mosn

Ruil1N

Published

2023-02-17

Updated

2025-03-18

CVE-2021-32163

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MOSN versions prior to 0.23.0

Description The issue allows an attacker to escalate privileges via case-sensitive JWT authorization, potentially leading to unauthorized access. This is related to an authentication vulnerability.

Recommendations For MOSN versions prior to 0.23.0, update to version 0.23.0 or later to resolve the issue. As a temporary workaround, consider restricting access to JWT authorization until the update is applied.

Exploit

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-178CWE-863

Related Identifiers

CVE-2021-32163

GHSA-5VX9-J5CW-47VQ

GO-2023-1582

Affected Products

Mosn

PT-2023-12162 · Mosn · Mosn

CVE-2021-32163

Weakness Enumeration

Related Identifiers

Affected Products

References · 10