oss-sec mailing list archives

CVE-2022-37435: Apache ShenYu Admin Improper Privilege Management


From: Zhang Yonglun <zhangyonglun () apache org>
Date: Thu, 1 Sep 2022 20:15:11 +0800

Severity: moderate

Description:

Apache ShenYu Admin has insecure permissions, which may allow
low-privilege administrators to modify high-privilege administrators'
passwords.
This issue affects Apache ShenYu 2.4.2 and 2.4.3.

Mitigation:

Upgrade to Apache ShenYu 2.5.0 or apply patch
https://github.com/apache/shenyu/pull/3658.

Credit:

Apache ShenYu would like to thank Lulu Gu for reporting this issue.

--

Zhang Yonglun
Apache ShenYu
Apache ShardingSphere

