You are viewing a plain text version of this content. The canonical link for it is here.

Posted to announce@apache.org by Zhang Yonglun <zh...@apache.org> on 2023/02/15 03:11:22 UTC

CVE-2022-42735: Apache ShenYu Admin ultra vires

Severity: low

Description:

Improper Privilege Management vulnerability in Apache Software
Foundation Apache ShenYu.

ShenYu Admin allows low-privilege low-level administrators create
users with higher privileges than their own.

This issue affects Apache ShenYu: 2.5.0.

Work Arounds:

Upgrade to Apache ShenYu 2.5.1 or apply patch
https://github.com/apache/shenyu/pull/3958.

Credit:

xxhzz (finder)

References:

https://sling.apache.org/news.html
https://shenyu.apache.org
https://www.cve.org/CVERecord?id=CVE-2022-42735


--

Zhang Yonglun
Apache ShenYu & ShardingSphere