Phone-alt Linkedin
Excite IT, Brace168, and VITCS Merge to Form Excite Cyber: A New Era of Fearless Technology Solutions > Learn more

CVE-2022-23944: Apache ShenYu (incubating)

CVE-2022-23944: Apache ShenYu (incubating) Improper access control:

Severity: Moderate

Description: User can access /Plugin API without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1. Everybody can access /plugin API which will list the details of all plugins include id, name, config (may include password). We can also add a new plugin with POST method while using /plugin API.

Mitigation: Upgrade to Apache ShenYu (incubating) 2.4.2 or apply patch.

Reference links:

https://www.openwall.com/lists/oss-security/2022/01/26/2

https://vuldb.com/?id.191570

Recent blog posts

Need help with this?

Enter your details below and one of our team will get in touch

Other Similar Articles

View all our blog articles