Vulnerabilities > Apache > Shenyu > High

DATE CVE VULNERABILITY TITLE RISK
2023-02-15 CVE-2022-42735 Improper Privilege Management vulnerability in Apache Shenyu 2.5.0
Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/pull/3958 https://github.com/apache/shenyu/pull/3958 .
network
low complexity
apache CWE-269
8.8
2022-09-01 CVE-2022-37435 Unspecified vulnerability in Apache Shenyu 2.4.2/2.4.3
Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords.
network
low complexity
apache
8.8
2022-05-17 CVE-2022-26650 Unspecified vulnerability in Apache Shenyu 2.4.0/2.4.1/2.4.2
In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user.
network
low complexity
apache
7.5
2022-01-25 CVE-2022-23223 Insufficiently Protected Credentials vulnerability in Apache Shenyu 2.4.0/2.4.1
On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users.
network
low complexity
apache CWE-522
7.5
2022-01-25 CVE-2022-23945 Missing Authentication for Critical Function vulnerability in Apache Shenyu 2.4.0/2.4.1
Missing authentication on ShenYu Admin when register by HTTP.
network
low complexity
apache CWE-306
7.5