CVE-2022-23945
HIGHApache ShenYu 2.4.0-2.4.1 - Unauthenticated Missing Authorization via HTTP Registration
Title source: llmDescription
Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
References (3)
Core 3
Core References
Mailing List, Not Applicable, Vendor Advisory x_refsource_misc
https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2022/01/25/6
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2022/01/26/3
Scores
CVSS v3
7.5
EPSS
0.0073
EPSS Percentile
72.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-862
CWE-306
Status
published
Products (3)
apache/shenyu
2.4.0
apache/shenyu
2.4.1
org.apache.shenyu/shenyu-common
2.4.0 - 2.4.2Maven
Published
Jan 25, 2022
Tracked Since
Feb 18, 2026