CVE-2022-23223

CVE-2022-23223: Apache ShenYu Password leakage

Vendor Apache Software Foundation

Product Apache ShenYu (incubating)

Weakness CWE-522 · Insufficiently protected credentials

Published January 25, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later.

Key dates

Disclosure timeline

January 25, 2022 CVE published

August 3, 2024 Record updated