Description

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0

Remediation

References

http://www.openwall.com/lists/oss-security/2021/11/16/1

https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb

Related Vulnerabilities

CVE-2022-47551 Vulnerability in maven package io.apiman:apiman-manager-api-rest-impl

CVE-2021-23353 Vulnerability in npm package jspdf

CVE-2018-16472 Vulnerability in maven package org.webjars.npm:cached-path-relative

CVE-2020-26939 Vulnerability in maven package org.bouncycastle:bcprov-jdk15on

CVE-2022-46751 Vulnerability in maven package org.apache.ivy:ivy

Severity

Critical

Classification

CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory Vendor Advisory