oss-sec mailing list archives

CVE-2022-42735: Apache ShenYu Admin ultra vires


From: Zhang Yonglun <zhangyonglun () apache org>
Date: Wed, 15 Feb 2023 11:19:22 +0800

Severity: low

Description:

Improper Privilege Management vulnerability in Apache Software
Foundation Apache ShenYu.

ShenYu Admin allows low-privilege, low-level administrators to create
users with higher privileges than their own.

This issue affects Apache ShenYu: 2.5.0.

Workarounds:

Upgrade to Apache ShenYu 2.5.1 or apply patch
https://github.com/apache/shenyu/pull/3958.

Credit:

xxhzz (finder)

References:

https://shenyu.apache.org
https://www.cve.org/CVERecord?id=CVE-2022-42735

--

Zhang Yonglun
Apache ShenYu & ShardingSphere
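
The bug class described above, shown as an added example that is not part of the original advisory and is not ShenYu's code: a user-creation check that only asks whether the caller may create users, next to one that also requires the caller to already hold every permission being granted. The advisory does not describe the flawed check itself, so the `Role` and `Account` types, the permission strings and the method names are all hypothetical.

```java
import java.util.Set;
import java.util.stream.Collectors;

// Hypothetical model (not ShenYu classes): a role is a name plus the permissions it grants.
public class UserCreationGuard {

    record Role(String name, Set<String> permissions) {}

    record Account(String username, Set<Role> roles) {
        // Union of the permissions granted by every role this account holds.
        Set<String> effectivePermissions() {
            return roles.stream()
                    .flatMap(r -> r.permissions().stream())
                    .collect(Collectors.toUnmodifiableSet());
        }
    }

    // Flawed: checks only that the caller may create users, not what is being granted.
    static boolean mayCreateFlawed(Account creator, Set<Role> requested) {
        return creator.effectivePermissions().contains("user:add");
    }

    // Hardened: the caller must hold "user:add" AND every permission in every requested role,
    // so a new account can never exceed the privileges of the account that created it.
    static boolean mayCreate(Account creator, Set<Role> requested) {
        Set<String> held = creator.effectivePermissions();
        if (!held.contains("user:add")) {
            return false;
        }
        return requested.stream().allMatch(r -> held.containsAll(r.permissions()));
    }

    public static void main(String[] args) {
        // Constructed sample roles and accounts.
        Role superAdmin = new Role("super", Set.of("user:add", "user:delete", "role:edit", "plugin:edit"));
        Role operator = new Role("operator", Set.of("user:add", "plugin:view"));
        Role viewer = new Role("viewer", Set.of("plugin:view"));
        Account lowAdmin = new Account("ops1", Set.of(operator));

        // Low-privilege admin asks to create a super admin: the two checks disagree.
        System.out.println("flawed, grant super:   " + mayCreateFlawed(lowAdmin, Set.of(superAdmin)));
        System.out.println("hardened, grant super: " + mayCreate(lowAdmin, Set.of(superAdmin)));
        // Granting a role whose permissions the caller already holds stays allowed.
        System.out.println("hardened, grant viewer: " + mayCreate(lowAdmin, Set.of(viewer)));
    }
}
```

The check belongs on the server, in the handler that persists the new user, since a restriction applied only in the admin UI does not constrain a direct API request.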

