Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2021-37580: Improper Authentication in Software Foundation Apache Shenyu Admin

Severity: 9.8 CRITICAL (NVD)
EPSS: 94.0% (top 0.11%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: published Nov 16, latest update Nov 17

Description

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: apache_software_foundation/apache_shenyu_admin (Apache ShenYu Admin 2.3.0-2.4.0)
NVD: apache/shenyu (2.3.0, 2.4.0, +1)

🔴 Vulnerability Details (4)

GHSA: Improper Authentication in Apache ShenYu Admin (2021-11-17)
OSV: Improper Authentication in Apache ShenYu Admin (2021-11-17)
CVEList: Apache ShenYu Admin bypass JWT authentication (2021-11-16)
VulnCheck: Apache shenyu Improper Authentication (2021)

💥 Exploits & PoCs (1)

Nuclei: Apache ShenYu Admin JWT - Authentication Bypass
CVE-2021-37580 — Improper Authentication | cvebase