CVE-2022-37435

Summary

Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache ShenYuApache ShenYu 2.4.2 and 2.4.3affected

Weaknesses

  • CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource

Workarounds

Upgrade to Apache ShenYu 2.5.0 or apply patch https://github.com/apache/shenyu/pull/3658.

ADP Enrichment

CVE Program Container

Additional References

References