19 matches found
CVE-2022-23945
Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
VulnCheck KEV: CVE-2021-37580
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0...
org.apache.shenyu:shenyu-admin-dist (>=2.4.0 <=2.4.3) potentially affected by CVE-2023-25753 via org.apache.shenyu:shenyu-admin (>=2.4.0 <=2.4.3)
org.apache.shenyu:shenyu-admin MAVEN version =2.4.0, =2.4.0, =2.4.3 Source cves: CVE-2023-25753 Source advisory: OSV:GHSA-7W8V-5FCQ-PVQW...
Privilege Escalation
shenyu-admin is vulnerable to Privilege Escalation. The vulnerability is due to the library allowing low-privilege low-level administrators to create users with higher privileges than their own...
org.apache.shenyu:shenyu-admin-dist (>=2.4.0 <=2.4.3) potentially affected by CVE-2022-42735 via org.apache.shenyu:shenyu-admin (>=2.4.0 <=2.4.3)
org.apache.shenyu:shenyu-admin MAVEN version =2.4.0, =2.4.0, =2.4.3 Source cves: CVE-2022-42735 Source advisory: OSV:GHSA-VF8H-2WWJ-JQ22...
CVE-2022-37435
Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3...
Apache ShenYu Security Vulnerability
Apache ShenYu is an asynchronous, high-performance, cross-language, responsive API gateway from the Apache Foundation. A security vulnerability exists in Apache ShenYu Admin versions 2.4.2 and 2.4.3, which stems from an insecure privilege that could allow a low-privileged administrator to change...
GHSA-7RJP-FGWJ-47RW Missing authentication in ShenYu
Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
com.gitee.pulanos.pangu:pangu-gateway-spring-boot-starter (>=5.0.7 <=5.1.0), org.apache.shenyu:shenyu-admin (>=2.4.0 <=2.4.1) +108 more potentially affected by CVE-2022-23945 via org.apache.shenyu:shenyu-common (>=2.4.0 <=2.4.1)
org.apache.shenyu:shenyu-common MAVEN version =2.4.0, =5.0.7, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.1 and more Source cves: CVE-2022-23945 Source advisory: OSV:GHSA-7RJP-FGWJ-47RW...
com.gitee.pulanos.pangu:pangu-gateway-spring-boot-starter (>=5.0.7 <=5.1.0), org.apache.shenyu:shenyu-admin (>=2.4.0 <=2.4.1) +108 more potentially affected by CVE-2021-45029 via org.apache.shenyu:shenyu-common (>=2.4.0 <=2.4.1)
org.apache.shenyu:shenyu-common MAVEN version =2.4.0, =5.0.7, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.1 and more Source cves: CVE-2021-45029 Source advisory: OSV:GHSA-GH38-X2WM-XMC8...
CVE-2022-23945
Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
CVE-2022-23945
Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
CVE-2022-23945
Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
Authentication flaw
Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
CVE-2022-23945
CVE-2022-23945 describes a missing authentication flaw in the ShenYu Admin interface when registering over HTTP, affecting Apache ShenYu versions 2.4.0 and 2.4.1. The connected sources consistently state the issue as an authentication gap without providing additional technical specifics within t...
Privilege Escalation
shenyu-admin is vulnerable to privilege escalation. The vulnerability exists due to an incorrect use of JWT in ShenyuAdminBootstrap, which allows an attacker to bypass authentication...
GHSA-VPFP-5GWQ-G533 Improper Authentication in Apache ShenYu Admin
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0...
org.apache.shenyu:shenyu-admin-dist (=2.4.0) potentially affected by CVE-2021-37580 via org.apache.shenyu:shenyu-admin (=2.4.0)
org.apache.shenyu:shenyu-admin MAVEN version =2.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.shenyu:shenyu-admin and may be impacted: - org.apache.shenyu:shenyu-admin-dist =2.4.0 Source cves: CVE-2021-37580 Source advisory:...
PT-2021-21721 · Apache · Apache Shenyu
Name of the Vulnerable Software and Affected Versions: Apache ShenYu versions 2.3.0 through 2.4.0 Description: A flaw was found in Apache ShenYu Admin, where the incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. Recommendations: For versions 2.3.0 and 2.4.0...