CVE-2022-23945

CWE-862Missing AuthorizationCWE-306Missing Authentication4 documents4 sources
Severity
7.5HIGH
EPSS
0.7%
top 27.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache Shenyu (incubating)Apache Shenyu
Timeline
PublishedJan 25
Latest updateJan 28

Description

Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

Mavenorg.apache.shenyu:shenyu-common2.4.02.4.2
CVEListV5apache_software_foundation/apache_shenyu_(incubating)Apache ShenYu (incubating)2.4.2
NVDapache/shenyu2.4.0, 2.4.1+1

Patches

Patch: www.openwall.comPatch: www.openwall.com

🔴Vulnerability Details

3
GHSA
Missing authentication in ShenYu2022-01-28
OSV
Missing authentication in ShenYu2022-01-28
CVEList
Apache ShenYu missing authentication allows gateway registration2022-01-25