CVE-2022-23223 Vulnerability in maven package org.apache.shenyu:shenyu-common

Description

On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/01/25/7

http://www.openwall.com/lists/oss-security/2022/01/26/4

https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s

Related Vulnerabilities

CVE-2020-10672 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2022-4493 Vulnerability in maven package io.scif:scifio

CVE-2019-10468 Vulnerability in maven package com.elasticbox.jenkins-ci.plugins:kubernetes-ci

CVE-2023-30518 Vulnerability in maven package io.jenkins.plugins:thycotic-secret-server

CVE-2019-10369 Vulnerability in maven package org.jenkins-ci.plugins:jclouds-jenkins

Severity

High

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N