## Apache ShenYu Admin plugin API Unauth Access Vulnerability (CVE-2022-23944)

|   **Vulnerability**  | **Apache ShenYu Admin plugin API Unauth Access Vulnerability (CVE-2022-23944)**  |
| :----:   | :-----|
|  **Chinese name**  | Apache ShenYu Admin plugin 接口未授权访问漏洞（CVE-2022-23944） |
| **CVSS core**  | 9.1 |
| **FOFA Query**  (click to view the results directly)| [body="id=\\\"httpPath\\\" style=\\\"display: none"](https://fofa.info/result?qbase64=Ym9keT0iaWQ9XFxcImh0dHBQYXRoXFxcIiBzdHlsZT1cXFwiZGlzcGxheTogbm9uZSI%3D) |
| **Number of assets affected**  | 74 |
| **Description**  | Apache ShenYu is an asynchronous, high-performance, cross-language, reactive API gateway of the Apache Foundation. Apache ShenYu 2.4.0 and 2.4.1 have an access control error vulnerability that stems from users accessing the /plugin api without authentication. |
| **Impact** | Apache ShenYu 2.4.0 and 2.4.1 have an access control error vulnerability that stems from users accessing the /plugin api without authentication. |

![](https://s3.bmp.ovh/imgs/2023/04/07/7151dc2cc22bed37.gif)