Lucene search
GoogleOSV:GHSA-6V39-P2XQ-G5C3HistoryJan 28, 2022 - 10:13 p.m.
Missing authentication in ShenYu
2022-01-2822:13:44
Google
osv.dev
10
shenyu
authentication
/plugin api
apache
security issue
affected versions
EPSS
0.387
Percentile
97.3%
User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
References
www.openwall.com/lists/oss-security/2022/01/25/15
www.openwall.com/lists/oss-security/2022/01/25/5
www.openwall.com/lists/oss-security/2022/01/26/2
github.com/apache/incubator-shenyu
github.com/apache/incubator-shenyu/pull/2462
github.com/apache/shenyu/pull/2462/commits/50e4b5e626ad94b415e26ef4fbe584bd51fd1b77
lists.apache.org/thread/dbrjnnlrf80dr0f92k5r2ysfvf1kr67y
nvd.nist.gov/vuln/detail/CVE-2022-23944
Related
osv
osv
CVE-2022-23944
2022-01-25 13:15:08
veracode
veracode
Insecure Access Control
2022-01-26 08:17:21
nvd
nvd
CVE-2022-23944
2022-01-25 13:15:08
cvelist
cvelist
CVE-2022-23944 Apache ShenYu 2.4.1 Improper access control
2022-01-25 13:00:24
cve
cve
CVE-2022-23944
2022-01-25 13:15:08
cnvd
cnvd
Apache ShenYu Access Control Error Vulnerability
2022-01-27 00:00:00
github
github
Missing authentication in ShenYu
2022-01-28 22:13:44
nuclei
nuclei
Apache ShenYu Admin Unauth Access
2022-01-27 10:29:26
prion
prion
Authentication flaw
2022-01-25 13:15:00