CVE-2021-27306
An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid JWT token.
All CVEs associated with "Kong Gateway" (2 CVEs tracked).
A curated feed of “Kong Gateway”-related CVEs appears below. We currently track 2 CVEs for this tag (all time). In the last 365 days, 0 were published. Average CVSS is 8.7 (all time), and 100% are rated High/Critical (all time). Top CWEs (all time): CWE-706 - Use of Incorrectly-Resolved Name or Reference.
In our taxonomy this topic maps to a LOW impact class. Network and security appliances sit on critical paths. Restrict management exposure, back up configs, and schedule firmware updates with policy validation. Each detail page highlights vendor advisories and mitigation tips.
This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.
| Cycle | Latest | EOL | LTS |
|---|---|---|---|
| 3.9 | 3.9.1 | - | |
| 3.8 | 3.8.1 | Expired | |
| 3.7 | 3.7.1 | Expired | |
| 3.6 | 3.6.1 | Expired | |
| 3.5 | 3.5.0 | Expired | |
| 3.4 | 3.4.2 | - | LTS |
| 3.3 | 3.3.1 | Expired | |
| 3.2 | 3.2.2 | Expired | |
| 3.1 | 3.1.1 | Expired | |
| 3.0 | 3.0.2 | Expired | |
| 2.8 | 2.8.5 | Expired | LTS |
CVEs tagged with this topic:
CVE-2021-27306: An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid JWT token.
An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. NOTE: The vendor argues that this CVE is not a vulnerability b…