Apache ShenYu Admin ultra vires
CVE-2022-42735

8.8HIGH

Key Information:

Vendor: Apache
Status: Apache Shenyu
Vendor: CVE Published:; 15 February 2023

Summary

The Apache ShenYu Admin interface contains an improper privilege management vulnerability that allows low-privileged administrators to erroneously create users with elevated privileges, which could lead to unauthorized access and manipulation of user rights. This issue specifically affects version 2.5.0 of Apache ShenYu. To mitigate this vulnerability, it is recommended to upgrade to Apache ShenYu version 2.5.1 or to apply the appropriate patch available at the link provided in the references.

Affected Version(s)

Apache ShenYu 0 <= 2.5.0

References

https://lists.apache.org/thread/2k8764jmckmc19qc8x51nlnng...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 15, 2023
Vulnerability Reserved
Oct 10, 2022

Credit

xxhzz