oss-sec mailing list archives
CVE-2022-42735: Apache ShenYu Admin ultra vires
From: Zhang Yonglun <zhangyonglun () apache org>
Date: Wed, 15 Feb 2023 11:19:22 +0800
Severity: low Description: Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Work Arounds: Upgrade to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/pull/3958. Credit: xxhzz (finder) References: https://shenyu.apache.org https://www.cve.org/CVERecord?id=CVE-2022-42735 -- Zhang Yonglun Apache ShenYu & ShardingSphere
Current thread:
- CVE-2022-42735: Apache ShenYu Admin ultra vires Zhang Yonglun (Feb 15)