exploitDog

CVE-2022-42735

Опубликовано: 15 фев. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu.

ShenYu Admin allows low-privilege low-level administrators create users with higher privileges than their own.

This issue affects Apache ShenYu: 2.5.0.

Upgrade to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/pull/3958 https://github.com/apache/shenyu/pull/3958 .

Ссылки

https://lists.apache.org/thread/2k8764jmckmc19qc8x51nlnngq71pcf7
Mailing List
Vendor Advisory
https://lists.apache.org/thread/2k8764jmckmc19qc8x51nlnngq71pcf7
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:shenyu:2.5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.0037

Низкий

8.8 High

CVSS3

Дефекты

CWE-269

CWE-269

CWE-269

Связанные уязвимости

GHSA-vf8h-2wwj-jq22

CVSS3: 8.8

github

почти 3 года назад

Privilege escalation in Apache ShenYu

EPSS

Процентиль: 58%

0.0037

Низкий

8.8 High

CVSS3

Дефекты

CWE-269

CWE-269

CWE-269