
CVE-2022-23944: Apache ShenYu (incubating)

CVE-2022-23944: Apache ShenYu (incubating) Improper access control

Severity: Moderate

Description: The /plugin API can be accessed without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1. Anyone can call the /plugin API, which lists the details of all plugins, including id, name and config (which may include a password). A new plugin can also be added by sending a POST request to the /plugin API.

Mitigation: Upgrade to Apache ShenYu (incubating) 2.4.2 or apply patch.
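To review whether the /plugin API was reached before the upgrade, the following added example (not part of the original advisory or of Apache ShenYu) scans access logs for successful /plugin requests from outside the administrators' network. It assumes a reverse proxy in front of the admin service writing combined-format logs; the log lines, the `ADMIN_NETS` range and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample data: combined-format access log lines from a
# hypothetical reverse proxy in front of the ShenYu admin service.
SAMPLE_LOG = """\
10.0.5.12 - - [27/Jan/2022:09:14:02 +0000] "GET /plugin HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [27/Jan/2022:09:15:40 +0000] "GET /plugin HTTP/1.1" 200 4876 "-" "curl/7.79.1"
198.51.100.23 - - [27/Jan/2022:09:15:44 +0000] "POST /plugin HTTP/1.1" 200 98 "-" "curl/7.79.1"
203.0.113.7 - - [27/Jan/2022:09:16:01 +0000] "GET /plugin HTTP/1.1" 401 64 "-" "python-requests/2.27"
198.51.100.23 - - [27/Jan/2022:09:16:30 +0000] "GET /plugins/static.js HTTP/1.1" 200 900 "-" "curl/7.79.1"
"""

# Assumption: networks that administrators legitimately connect from.
ADMIN_NETS = [ipaddress.ip_network("10.0.5.0/24")]

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Matches /plugin, /plugin/<id> and /plugin?<query>, but not /plugins/...
PLUGIN_RE = re.compile(r"/plugin(?:[/?].*)?", re.IGNORECASE)
IMPACT = {"GET": "plugin details (config) disclosed", "POST": "plugin added"}


def from_admin_net(src, admin_nets):
    """True if src is an IP address inside one of the admin networks."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:  # hostname or malformed field: treat as untrusted
        return False
    return any(addr in net for net in admin_nets)


def find_plugin_api_exposure(log_text, admin_nets=ADMIN_NETS):
    """Return (timestamp, source, method, impact) for each 2xx /plugin
    request that did not originate from an admin network."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src, ts, method, target, status = m.groups()
        if not PLUGIN_RE.fullmatch(target) or not status.startswith("2"):
            continue
        if from_admin_net(src, admin_nets):
            continue
        findings.append((ts, src, method, IMPACT.get(method, "other access")))
    return findings


if __name__ == "__main__":
    for finding in find_plugin_api_exposure(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

Any GET finding means plugin configuration may have been read, so credentials stored in plugin config should be rotated; any POST finding means the plugin list should be compared against a known-good baseline.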

Reference links:

https://www.openwall.com/lists/oss-security/2022/01/26/2

https://vuldb.com/?id.191570
