cbcvebase.
CVE-2021-37580
published 2021-11-16

Priority: P1 · 90 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Tags: ITW · EXPLOIT · VulnCheck KEV · Initial access
Exploited in the wild
EPSS: 40.06% (98.4th percentile)
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0

Affected (3 ranges)

Vendor | Product | Version range | Fixed in
apache | shenyu | |
apache | shenyu | |
apache_software_foundation | apache_shenyu_admin | |

Detection & IOCs (extracted from sources)

url: GET /dashboardUser HTTP/1.1
other: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyTmFtZSI6ImFkbWluIiwiZXhwIjoxNjM3MjY1MTIxfQ.-jjw2bGyQxna5Soe4fLVLaD3gUT5ALTcsvutPQoE2qk
path: /dashboardUser
  • Exploit sends a crafted JWT in the X-Access-Token header to /dashboardUser; a successful bypass returns HTTP 200 with body containing 'query success', '"userName":"admin"', and '"code":200'.
  • The attacker-controlled JWT token used for authentication bypass decodes to payload {"userName":"admin","exp":1637265121}, indicating a forged admin token with a fixed expiry.
  • Monitor for unauthenticated GET requests to /dashboardUser with an X-Access-Token header containing a JWT signed with HS256 and userName=admin, which is the exploitation pattern for this CVE.
  • The vulnerability affects only Apache ShenYu versions 2.3.0 and 2.4.0; other versions are not confirmed affected.
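As an added example (not code from this page or from the Apache ShenYu project), a small Python detector for the pattern described in the bullets above: it splits the X-Access-Token JWT without verifying it and flags GET /dashboardUser requests whose token header says HS256 and whose payload claims userName=admin. The admin token is the one listed under IOCs; the request records and the non-admin token are constructed, and the placeholder signature segment is never validated.

```python
import base64
import json

# Token quoted in this page's IOC list; it decodes to {"userName":"admin","exp":1637265121}.
IOC_TOKEN = ("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
             "eyJ1c2VyTmFtZSI6ImFkbWluIiwiZXhwIjoxNjM3MjY1MTIxfQ."
             "-jjw2bGyQxna5Soe4fLVLaD3gUT5ALTcsvutPQoE2qk")


def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def unverified_claims(token):
    """Return (header, payload) of a compact JWT without checking the signature.
    A detector only needs the claims; it must never treat them as trusted."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        return json.loads(_b64url_decode(parts[0])), json.loads(_b64url_decode(parts[1]))
    except ValueError:  # bad base64, bad UTF-8 and bad JSON all derive from ValueError
        return None


def is_shenyu_bypass_attempt(method, path, headers):
    """GET /dashboardUser carrying an X-Access-Token JWT with alg HS256 and userName=admin."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    token = hdrs.get("x-access-token")
    if method.upper() != "GET" or path.split("?")[0] != "/dashboardUser" or not token:
        return False
    claims = unverified_claims(token)
    if claims is None:
        return False
    header, payload = claims
    return header.get("alg") == "HS256" and payload.get("userName") == "admin"


def constructed_token(payload):
    # Constructed sample only: "sig" is a placeholder signature segment.
    return ".".join([_b64url_encode({"typ": "JWT", "alg": "HS256"}), _b64url_encode(payload), "sig"])


# Constructed request records as (method, path, headers).
SAMPLE_REQUESTS = [
    ("GET", "/dashboardUser", {"X-Access-Token": IOC_TOKEN}),
    ("GET", "/dashboardUser", {"X-Access-Token": constructed_token({"userName": "reporter", "exp": 1637265121})}),
    ("GET", "/dashboardUser", {"X-Access-Token": "not.a.jwt"}),
    ("POST", "/login", {}),
]


def scan(requests):
    """Indices of the records that match the bypass pattern."""
    return [i for i, (m, p, h) in enumerate(requests) if is_shenyu_bypass_attempt(m, p, h)]
```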

CVSS provenance

nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck · 9.8 CRITICAL