CVE-2021-37580
Published: 2021-11-16
Priority: P1 / 90 · Severity: critical · CVSS 3.1 base score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Tags: ITW · Exploit · VulnCheck KEV · Initial access
Exploited in the wild
EPSS: 40.06% (98.4th percentile)
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0.
Affected (3 ranges):
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | shenyu | — | — |
| apache | shenyu | — | — |
| apache_software_foundation | apache_shenyu_admin | — | — |
Detection & IOCs (extracted from sources)
- url: GET /dashboardUser HTTP/1.1
- other: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyTmFtZSI6ImFkbWluIiwiZXhwIjoxNjM3MjY1MTIxfQ.-jjw2bGyQxna5Soe4fLVLaD3gUT5ALTcsvutPQoE2qk
- path: /dashboardUser
- The exploit sends a crafted JWT in the X-Access-Token header to /dashboardUser; a successful bypass returns HTTP 200 with a body containing 'query success', '"userName":"admin"', and '"code":200'.
- The attacker-controlled JWT used for the authentication bypass decodes to the payload {"userName":"admin","exp":1637265121}, indicating a forged admin token with a fixed expiry.
- Monitor for unauthenticated GET requests to /dashboardUser with an X-Access-Token header containing a JWT signed with HS256 and userName=admin; this is the exploitation pattern for this CVE.
- The vulnerability affects only Apache ShenYu versions 2.3.0 and 2.4.0; other versions are not confirmed affected.
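The monitoring pattern above can be turned into a log-triage check. The following is an added example, not code from the advisory or from the ShenYu project: it assumes a hypothetical access-log format in which the X-Access-Token header value has been logged explicitly (most access logs do not record request headers by default, so a reverse-proxy custom log format or similar would be needed), decodes the JWT header and payload without verifying the signature, and flags GET /dashboardUser requests carrying an HS256 token whose payload claims userName=admin. The sample log lines are constructed; the token in them is the one published in the IOC list.

```python
import base64
import json
import re
from datetime import datetime, timezone
from typing import Optional

# Token published in this advisory's IOC list (header.payload.signature).
IOC_TOKEN = (
    "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
    "eyJ1c2VyTmFtZSI6ImFkbWluIiwiZXhwIjoxNjM3MjY1MTIxfQ."
    "-jjw2bGyQxna5Soe4fLVLaD3gUT5ALTcsvutPQoE2qk"
)

# Constructed sample log lines (not real traffic). Assumed format, one request per line:
#   <client-ip> "<METHOD> <path> HTTP/1.1" <status> "<X-Access-Token header value>"
SAMPLE_LOG = f"""\
203.0.113.7 "GET /dashboardUser HTTP/1.1" 200 "{IOC_TOKEN}"
198.51.100.4 "GET /dashboardUser HTTP/1.1" 401 "-"
192.0.2.9 "GET /plugin HTTP/1.1" 200 "{IOC_TOKEN}"
203.0.113.7 "GET /dashboardUser HTTP/1.1" 200 "not.a.jwt"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) "(?P<token>[^"]*)"$'
)


def _b64url_json(segment: str):
    """Decode one base64url JWT segment as JSON; return None if it is not valid JSON."""
    try:
        padded = segment + "=" * (-len(segment) % 4)
        return json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers binascii.Error, UnicodeDecodeError and JSONDecodeError
        return None


def inspect_token(token: str) -> Optional[dict]:
    """Split a JWT into its header and payload claims WITHOUT verifying the signature.

    Log data never carries the server's signing key, so this is inspection for
    triage, not validation; a token that decodes cleanly may still be forged.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, payload = _b64url_json(parts[0]), _b64url_json(parts[1])
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return None
    return {"alg": header.get("alg"), "userName": payload.get("userName"), "exp": payload.get("exp")}


def scan_log(text: str) -> list:
    """Return one finding per line matching the CVE-2021-37580 exploitation pattern:
    GET /dashboardUser with an HS256 JWT whose payload claims userName=admin."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        claims = inspect_token(m["token"])
        if claims is None:
            continue
        if (m["method"] == "GET" and m["path"] == "/dashboardUser"
                and claims["alg"] == "HS256" and claims["userName"] == "admin"):
            exp = claims["exp"]
            findings.append({
                "ip": m["ip"],
                "status": int(m["status"]),
                # HTTP 200 on this path is the advisory's indicator of a successful bypass
                "bypass_succeeded": m["status"] == "200",
                "exp": exp,
                "exp_utc": (datetime.fromtimestamp(exp, tz=timezone.utc).isoformat()
                            if isinstance(exp, int) else None),
            })
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Only the first sample line is reported: the second has no token, the third targets a different path, and the fourth carries a string that is not a JWT. The check fires on any HS256 admin token presented to /dashboardUser, which legitimately authenticated administrators also do, so the finding is a triage signal to correlate with the source address, the absence of a preceding login, and the fixed expiry rather than a verdict on its own.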
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | — | 9.8 | CRITICAL | — |
GHSA: Improper Authentication in Apache ShenYu Admin
ghsa · 2021-11-17 · CVE-2021-37580 · CRITICAL · CWE-287 Improper Authentication
OSV: Improper Authentication in Apache ShenYu Admin
osv · 2021-11-17 · CVE-2021-37580 · CRITICAL
VulnCheck: Apache shenyu Improper Authentication
vulncheck · 2021 · CVE-2021-37580 · CRITICAL · CVSS 9.8
Affected: Apache shenyu
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References:
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-12-05&host_type=src&vulnerability=cve-2021-37580
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-12-06&host_type=src&vulnerability=cve-2021-37580
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-12-19&host_type=src
No detection rules found.
Nuclei: Apache ShenYu Admin JWT - Authentication Bypass
nuclei · CVE-2021-37580 · CRITICAL · CVSS 9.8
Apache ShenYu 2.3.0 and 2.4.0 allow Admin access without proper authentication. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication.
Template:
```yaml
id: CVE-2021-37580

info:
  name: Apache ShenYu Admin JWT - Authentication Bypass
  author: pdteam
  severity: critical
  description: Apache ShenYu 2.3.0 and 2.4.0 allow Admin access without proper authentication. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication.
  impact: |
    This vulnerability can lead to unauthorized access to sensitive information, modification of data, and potential compromise of the entire Apache ShenYu system.
  remediation: |
    Apply the patch or upgrade to the latest version of Apache ShenYu to fix the au
```
No writeups or analysis indexed.
Timeline: 2021-11-16 published · Exploited in the wild