Description

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0

Remediation

References

https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb

http://www.openwall.com/lists/oss-security/2021/11/16/1

Related Vulnerabilities

CVE-2020-2247 Vulnerability in maven package org.jenkins-ci.plugins:klocwork

CVE-2020-14445 Vulnerability in maven package org.wso2.carbon.identity.framework:org.wso2.carbon.policyeditor.ui

CVE-2023-25158 Vulnerability in maven package org.geotools.jdbc:gt-jdbc-postgis

CVE-2021-39231 Vulnerability in maven package org.apache.ozone:ozone-main

CVE-2023-24163 Vulnerability in maven package cn.hutool:hutool-all

Severity

Critical

Classification

CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Vendor Advisory Third Party Advisory