oss-sec mailing list archives
CVE-2022-37435: Apache ShenYu Admin Improper Privilege Management
From: Zhang Yonglun <zhangyonglun () apache org>
Date: Thu, 1 Sep 2022 20:15:11 +0800
Severity: moderate Description: Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3. Mitigation: Upgrade to Apache ShenYu 2.5.0 or apply patch https://github.com/apache/shenyu/pull/3658. Credit: Apache ShenYu would like to thank Lulu Gu for reporting this issue. -- Zhang Yonglun Apache ShenYu Apache ShardingSphere
Current thread:
- CVE-2022-37435: Apache ShenYu Admin Improper Privilege Management Zhang Yonglun (Sep 01)