CVE-2022-23223
HIGH7.5EPSS 4.6%Password exposure in ShenYu
Published: 1/28/2022Modified: 2/16/2024
Description
On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later.
Affected packages (1)
- Maven/org.apache.shenyu:shenyu-common>= 2.4.0, < 2.4.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
References (8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-23223
- WEBhttps://github.com/apache/incubator-shenyu
- WEBhttps://github.com/apache/incubator-shenyu/releases/tag/v2.4.2
- WEBhttps://github.com/apache/shenyu/commit/0e826ceae97a1258cb15c73a3072118c920e8654
- WEBhttps://github.com/apache/shenyu/pull/2357
- WEBhttps://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s
- WEBhttp://www.openwall.com/lists/oss-security/2022/01/25/7
- WEBhttp://www.openwall.com/lists/oss-security/2022/01/26/4