admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 09:50:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create CVE-2022-23944.md

Browse Source
This commit is contained in:
之乎者也 2023-04-07 11:06:13 +08:00 committed by GitHub
parent df26085e01
commit 1d0d2005ca
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
CVE-2022-23944.md Normal file
View File

@ -0,0 +1,12 @@
## Apache ShenYu Admin plugin API Unauth Access Vulnerability (CVE-2022-23944)
| **Vulnerability** | **Apache ShenYu Admin plugin API Unauth Access Vulnerability (CVE-2022-23944)** |
| :----: | :-----|
| **Chinese name** | Apache ShenYu Admin plugin 接口未授权访问漏洞CVE-2022-23944 |
| **CVSS core** | 9.1 |
| **FOFA Query** (click to view the results directly)| [body="id=\\\"httpPath\\\" style=\\\"display: none"](https://fofa.info/result?qbase64=Ym9keT0iaWQ9XFxcImh0dHBQYXRoXFxcIiBzdHlsZT1cXFwiZGlzcGxheTogbm9uZSI%3D) |
| **Number of assets affected** | 74 |
| **Description** | Apache ShenYu is an asynchronous, high-performance, cross-language, reactive API gateway of the Apache Foundation. Apache ShenYu 2.4.0 and 2.4.1 have an access control error vulnerability that stems from users accessing the /plugin api without authentication. |
| **Impact** | Apache ShenYu 2.4.0 and 2.4.1 have an access control error vulnerability that stems from users accessing the /plugin api without authentication. |
![](https://s3.bmp.ovh/imgs/2023/04/07/7151dc2cc22bed37.gif)