Apache APISIX < 2.13.1 Information Disclosure
Description
The version of Apache APISIX installed on the remote host is prior to 2.13.1. It is therefore potentially affected by an information disclosure vulnerability (CVE-2022-29266): the jwt-auth plugin can leak the user's secret key, because the error message returned by its dependency lua-resty-jwt contains that sensitive value and is passed back in the plugin's response.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
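The following is an added example, not code from the Nessus plugin or the APISIX project, of the kind of version-only check the note above describes: it takes the self-reported version string, compares it against the fixed release 2.13.1, and reports "unknown" rather than "not affected" when no version is exposed. It assumes APISIX advertises itself as `Server: APISIX/<version>` when server tokens are enabled (an assumption about the default header format); the header values below are constructed sample input, and nothing here exercises the jwt-auth plugin or the leak itself.

```python
import re
from typing import Dict, Optional, Tuple

# First release that ships the fix for the jwt-auth secret leak (CVE-2022-29266).
FIXED_VERSION = "2.13.1"

# Matches "2.13.0", "2.13.1-rc1", or a version embedded in "APISIX/2.13.0".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?")


def parse_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Extract a semver-like version from free text.

    Returns (major, minor, patch, is_release); the trailing flag makes a
    prerelease such as 2.13.1-rc1 sort below the 2.13.1 release, so it is
    still treated as older than the fix. Returns None when no version is
    present (for example when the server hides its version).
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch, prerelease = m.groups()
    return (int(major), int(minor), int(patch), 0 if prerelease else 1)


def is_affected(version_text: str) -> Optional[bool]:
    """True if the reported version is older than 2.13.1, False if it is
    2.13.1 or newer, None if no version could be parsed."""
    reported = parse_version(version_text)
    if reported is None:
        return None
    fixed = parse_version(FIXED_VERSION)
    assert fixed is not None
    return reported < fixed


def check_server_header(headers: Dict[str, str]) -> Dict[str, Optional[object]]:
    """Version-based check over an HTTP response's headers only.

    Assumption (not verified against the page): APISIX reports itself as
    'Server: APISIX/<version>' when server tokens are enabled. Header names
    are matched case-insensitively. A missing or version-less Server header
    yields affected=None, which a scanner should report as 'unknown', not
    as 'not vulnerable'.
    """
    server = next((v for k, v in headers.items() if k.lower() == "server"), "")
    if not server.lower().startswith("apisix"):
        return {"version": None, "affected": None,
                "reason": "Server header does not identify APISIX"}
    version = parse_version(server)
    if version is None:
        return {"version": None, "affected": None,
                "reason": "APISIX detected but version not exposed"}
    affected = is_affected(server)
    return {
        "version": "%d.%d.%d" % version[:3],
        "affected": affected,
        "reason": ("self-reported version is prior to %s" % FIXED_VERSION)
        if affected else ("self-reported version is %s or newer" % FIXED_VERSION),
    }


if __name__ == "__main__":
    # Constructed sample responses; these are not captured from a real host.
    samples = [
        {"Server": "APISIX/2.13.0"},
        {"Server": "APISIX/2.13.1"},
        {"server": "APISIX/2.13.1-rc1"},
        {"Server": "APISIX"},
        {"Server": "nginx"},
    ]
    for hdrs in samples:
        print(hdrs, "->", check_server_header(hdrs))
```

Because the check is purely version-based, a host running a patched build that still reports an older version string (or one that suppresses the header) will be misclassified; confirm by upgrading to 2.13.1 or later rather than by suppressing the version.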
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29266
https://github.com/apache/apisix/blob/release/2.13/CHANGELOG.md#2131
https://lists.apache.org/thread/6qpfyxogbvn18g9xr8g218jjfjbfsbhr