CVE-2022-23223 – org.apache.shenyu:shenyu-common
Package
Manager: maven
Name: org.apache.shenyu:shenyu-common
Vulnerable Version: >=2.4.0 <2.4.2
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.04682 (percentile 0.88917)
Details
Password exposure in ShenYu. In Apache ShenYu versions 2.4.0 and 2.4.1, an endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later.
Metadata
Created: 2022-01-28T22:13:57Z
Modified: 2023-10-04T17:29:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-7wq4-89xx-g62j/GHSA-7wq4-89xx-g62j.json
CWE IDs: ["CWE-522"]
Alternative ID: GHSA-7wq4-89xx-g62j
Finding: F035
Auto approve: 1