Lucene search
+L

130 matches found

OSV
OSV
added 2022/01/25 1:0 p.m.34 views

CVE-2022-23945 Apache ShenYu missing authentication allows gateway registration

Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

7.5CVSS7.1AI score0.03771EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/01/25 1:0 p.m.27 views

CVE-2022-23945 Apache ShenYu missing authentication allows gateway registration

Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

7.9AI score0.03771EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/01/25 1:0 p.m.35 views

CVE-2022-23944 Apache ShenYu 2.4.1 Improper access control

User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

9.5AI score0.79007EPSS
Exploits0References4
OSV
OSV
added 2022/01/25 1:0 p.m.17 views

CVE-2022-23944 Apache ShenYu 2.4.1 Improper access control

User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

9.1CVSS7.2AI score0.79007EPSS
Exploits0References6
CVE
CVE
added 2022/01/25 1:0 p.m.113 views

CVE-2022-23944

CVE-2022-23944 affects Apache ShenYu 2.4.0 and 2.4.1, introducing an unauthenticated access flaw where the /plugin API can be reached without credentials. Impact described across sources includes unauthorized access to sensitive information and potential admin-panel compromise. The issue originat...

9.1CVSS9.2AI score0.79007EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2022/01/25 1:0 p.m.30 views

CVE-2022-23223 Apache ShenYu Password leakage

On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later...

7.7AI score0.04306EPSS
Exploits1References3
CVE
CVE
added 2022/01/25 1:0 p.m.133 views

CVE-2022-23223

On Apache ShenYu, versions 2.4.0 and 2.4.1 contain an information disclosure flaw where an endpoint exposed user passwords in HTTP responses. The root cause is tied to how passwords were disclosed by the affected endpoints, as reported across CVE records and vendor advisories. Mitigation is to up...

7.5CVSS7.5AI score0.04306EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/01/25 1:0 p.m.19 views

CVE-2022-23223 Apache ShenYu Password leakage

On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later...

7.5CVSS7AI score0.04306EPSS
Exploits1References5
Cvelist
Cvelist
added 2022/01/25 1:0 p.m.24 views

CVE-2021-45029 Apache ShenYu 2.4.1 Groovy Code Injection & SpEL Injection

Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

10AI score0.06029EPSS
Exploits0References3
CVE
CVE
added 2022/01/25 1:0 p.m.113 views

CVE-2021-45029

CVE-2021-45029 describes a vulnerability in Apache ShenYu affecting versions 2.4.0 and 2.4.1, caused by Groovy Code Injection and SpEL Injection that can lead to Remote Code Execution. Publicly available details in the provided documents confirm the vulnerability type and affected versions, with ...

9.8CVSS9.8AI score0.06029EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2022/01/25 12:0 a.m.7 views

Apache ShenYu 访问控制错误漏洞

Apache ShenYu is an asynchronous , high-performance , cross-language , responsive API gateway . An access control error vulnerability exists in Apache ShenYu version 2.4.0 and 2.4.1. An attacker can exploit this vulnerability to access the /plugin api without authentication, compromising system...

9.1CVSS5.6AI score0.79007EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/01/25 12:0 a.m.3 views

PT-2022-1763 · Apache · Apache Shenyu

Name of the Vulnerable Software and Affected Versions: Apache ShenYu versions 2.4.0 through 2.4.1 Description: The issue is related to insufficient protection of registration data, allowing a remote attacker to obtain user registration data using a specially crafted HTTP request. This can lead to...

7.8CVSS7.3AI score0.04306EPSS
Exploits1References14
CNNVD
CNNVD
added 2022/01/25 12:0 a.m.6 views

Apache ShenYu 代码注入漏洞

Apache ShenYu is an asynchronous , high-performance , cross-language , responsive API gateway of the United States Apache Apache Foundation . Apache ShenYu has a code injection vulnerability in versions 2.4.0 and 2.4.1 that stems from an improperly designed or implemented code development process...

9.8CVSS6.6AI score0.06029EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/01/25 12:0 a.m.7 views

Apache ShenYu 访问控制错误漏洞

Apache ShenYu is an asynchronous , high-performance , cross-language , responsive API gateway of the Apache Apache Foundation. Apache ShenYu has an Access Control Error vulnerability in versions 2.4.0 and 2.4.1 that stems from a lack of authentication of ShenYu Admin when registering over HTTP. A...

7.5CVSS5.6AI score0.03771EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/01/25 12:0 a.m.8 views

Apache ShenYu 信息泄露漏洞

Apache ShenYu is an asynchronous , high-performance , cross-language , responsive API gateway of the United States Apache Apache Foundation . An information disclosure vulnerability exists in Apache ShenYu versions 2.4.0 and 2.4.1, which arises from a configuration or other error in the operation...

7.5CVSS5.7AI score0.04306EPSS
Exploits1References5
Check Point Advisories
Check Point Advisories
added 2021/12/28 12:0 a.m.76 views

Apache ShenYu Admin Authentication Bypass (CVE-2021-37580)

A authentication bypass vulnerability exists in the Apache ShenYu Admin. The vulnerability is due to improper handling of the incoming HTTP requests...

7.5CVSS1.6AI score0.40058EPSS
Exploits2
Veracode
Veracode
added 2021/11/18 8:45 a.m.21 views

Privilege Escalation

shenyu-admin is vulnerable to privilege escalation. The vulnerability exists due to an incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication...

9.8CVSS4.6AI score0.40058EPSS
Exploits2References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/11/17 11:15 p.m.35 views

Improper Authentication in Apache ShenYu Admin

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0...

9.8CVSS8.8AI score0.40058EPSS
Exploits2References6Affected Software1
OSV
OSV
added 2021/11/17 11:15 p.m.1 views

GHSA-VPFP-5GWQ-G533 Improper Authentication in Apache ShenYu Admin

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0...

9.8CVSS7.1AI score0.40058EPSS
Exploits2References6
vulnersOsv
vulnersOsv
added 2021/11/17 11:15 p.m.3 views

org.apache.shenyu:shenyu-admin-dist (=2.4.0) potentially affected by CVE-2021-37580 via org.apache.shenyu:shenyu-admin (=2.4.0)

org.apache.shenyu:shenyu-admin MAVEN version =2.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.shenyu:shenyu-admin and may be impacted: - org.apache.shenyu:shenyu-admin-dist =2.4.0 Source cves: CVE-2021-37580 Source advisory:...

9.8CVSS7.2AI score0.40058EPSS
Exploits2
Rows per page
Query Builder