Description

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0

Remediation

References

http://www.openwall.com/lists/oss-security/2021/11/16/1

https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb

Related Vulnerabilities

CVE-2020-28462 Vulnerability in npm package ion-parser

CVE-2019-10369 Vulnerability in maven package org.jenkins-ci.plugins:jclouds-jenkins

CVE-2021-37579 Vulnerability in maven package org.apache.dubbo:dubbo-common

CVE-2022-36025 Vulnerability in maven package org.hyperledger.besu:evm

CVE-2020-6427 Vulnerability in maven package org.webjars.npm:electron

Severity

Critical

Classification

CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory Vendor Advisory