User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2022/01/25/15 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2022/01/25/5 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2022/01/26/2 | Mailing List Patch Third Party Advisory |
https://lists.apache.org/thread/dbrjnnlrf80dr0f92k5r2ysfvf1kr67y | Mailing List Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2022-01-25T13:00:24
Updated: 2022-01-26T12:06:15
Reserved: 2022-01-25T00:00:00
Link: CVE-2022-23944
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-01-25T13:15:08.183
Modified: 2022-02-01T14:28:35.307
Link: CVE-2022-23944
JSON object: View
Redhat Information
No data.