Description

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0

Remediation

References

http://www.openwall.com/lists/oss-security/2021/11/16/1

https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb

Related Vulnerabilities

CVE-2022-26112 Vulnerability in maven package org.apache.pinot:pinot-broker

CVE-2020-4076 Vulnerability in maven package org.webjars.npm:electron

CVE-2021-26539 Vulnerability in maven package org.webjars.npm:sanitize-html

CVE-2023-40347 Vulnerability in maven package org.jenkins-ci.plugins:maven-artifact-choicelistprovider

CVE-2020-2137 Vulnerability in maven package org.jenkins-ci.plugins:timestamper

Severity

Critical

Classification

CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory Vendor Advisory