oss-sec mailing list archives
CVE-2022-23945: Apache ShenYu (incubating) missing authentication allows gateway registration
From: Zhang Yonglun <zhangyonglun () apache org>
Date: Wed, 26 Jan 2022 14:40:38 +0800
Severity: moderate Description: Missing authentication on ShenYu Admin when a gateway registers. So, if ShenYu Admin is exposed to the internet, it will allow any user to register as the gateway. This issue affects Apache ShenYu (incubating) 2.4.0 and 2.4.1. Mitigation: Upgrade to Apache ShenYu (incubating) 2.4.2 or apply patch https://github.com/apache/incubator-shenyu/pull/2723. -- Zhang Yonglun Apache ShenYu (Incubating) Apache ShardingSphere
Current thread:
- CVE-2022-23945: Apache ShenYu (incubating) missing authentication allows gateway registration Zhang Yonglun (Jan 26)