Description
In Apache ShenYu versions 2.4.0 and 2.4.1, an endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/01/25/7
http://www.openwall.com/lists/oss-security/2022/01/26/4
https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s