admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-07 13:36:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
GobyVuls/CVE-2022-23944.md
之乎者也 1d0d2005ca
Create CVE-2022-23944.md
2023-04-07 11:06:13 +08:00

13 lines
1.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

## Apache ShenYu Admin plugin API Unauth Access Vulnerability (CVE-2022-23944)
| **Vulnerability** | **Apache ShenYu Admin plugin API Unauth Access Vulnerability (CVE-2022-23944)** |
| :----: | :-----|
| **Chinese name** | Apache ShenYu Admin plugin 接口未授权访问漏洞CVE-2022-23944 |
| **CVSS core** | 9.1 |
| **FOFA Query** (click to view the results directly)| [body="id=\\\"httpPath\\\" style=\\\"display: none"](https://fofa.info/result?qbase64=Ym9keT0iaWQ9XFxcImh0dHBQYXRoXFxcIiBzdHlsZT1cXFwiZGlzcGxheTogbm9uZSI%3D) |
| **Number of assets affected** | 74 |
| **Description** | Apache ShenYu is an asynchronous, high-performance, cross-language, reactive API gateway of the Apache Foundation. Apache ShenYu 2.4.0 and 2.4.1 have an access control error vulnerability that stems from users accessing the /plugin api without authentication. |
| **Impact** | Apache ShenYu 2.4.0 and 2.4.1 have an access control error vulnerability that stems from users accessing the /plugin api without authentication. |
![](https://s3.bmp.ovh/imgs/2023/04/07/7151dc2cc22bed37.gif)
Reference in New Issue View Git Blame Copy Permalink