You are viewing a plain text version of this content. The canonical link for it is here.
Posted to announce@apache.org by Zhang Yonglun <zh...@apache.org> on 2023/02/15 03:11:22 UTC
CVE-2022-42735: Apache ShenYu Admin ultra vires
Severity: low
Description:
Improper Privilege Management vulnerability in Apache Software
Foundation Apache ShenYu.
ShenYu Admin allows low-privilege low-level administrators create
users with higher privileges than their own.
This issue affects Apache ShenYu: 2.5.0.
Work Arounds:
Upgrade to Apache ShenYu 2.5.1 or apply patch
https://github.com/apache/shenyu/pull/3958.
Credit:
xxhzz (finder)
References:
https://sling.apache.org/news.html
https://shenyu.apache.org
https://www.cve.org/CVERecord?id=CVE-2022-42735
--
Zhang Yonglun
Apache ShenYu & ShardingSphere