CVE-2022-23223 Vulnerability in maven package org.apache.shenyu:shenyu-common

Description

On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/01/25/7

http://www.openwall.com/lists/oss-security/2022/01/26/4

https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s

Related Vulnerabilities

CVE-2020-1938 Vulnerability in maven package org.apache.tomcat:coyote

CVE-2022-45136 Vulnerability in maven package org.apache.jena:jena-sdb

CVE-2022-36909 Vulnerability in maven package org.jenkins-ci.plugins:openshift-deployer

CVE-2019-0192 Vulnerability in maven package org.apache.solr:solr-core

CVE-2021-45456 Vulnerability in maven package org.apache.kylin:kylin-server-base

Severity

High

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N