Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03d3E0LTg5eHgtZzYyas0mjw
Password exposure in ShenYu
In Apache ShenYu versions 2.4.0 and 2.4.1, an endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later.
Permalink: https://github.com/advisories/GHSA-7wq4-89xx-g62j
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03d3E0LTg5eHgtZzYyas0mjw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: 7 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-7wq4-89xx-g62j, CVE-2022-23223
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-23223
- https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s
- http://www.openwall.com/lists/oss-security/2022/01/25/7
- https://github.com/apache/incubator-shenyu/releases/tag/v2.4.2
- http://www.openwall.com/lists/oss-security/2022/01/26/4
- https://github.com/apache/shenyu/pull/2357
- https://github.com/apache/shenyu/commit/0e826ceae97a1258cb15c73a3072118c920e8654
- https://github.com/advisories/GHSA-7wq4-89xx-g62j
Blast Radius: 12.3
Affected Packages
maven:org.apache.shenyu:shenyu-common
Dependent packages: 27
Dependent repositories: 44
Downloads:
Affected Version Ranges: >= 2.4.0, < 2.4.2
Fixed in: 2.4.2
All affected versions: 2.4.0, 2.4.1
All unaffected versions: 2.4.2, 2.4.3, 2.5.0, 2.5.1, 2.6.0, 2.6.1