CVE-2022-42735

Published: Feb 15, 2023Modified: Mar 19, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/pull/3958 https://github.com/apache/shenyu/pull/3958 .

Affected (1)

Products: Apache: Shenyu

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Shenyu	Version 2.5.0

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://lists.apache.org/thread/2k8764jmckmc19qc8x51nlnngq71pcf7

Source: security@apache.org

Mailing ListVendor Advisory

https://lists.apache.org/thread/2k8764jmckmc19qc8x51nlnngq71pcf7

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

Timeline

No history available yet.