CVE-2022-23944

CVE-2022-23944: Apache ShenYu 2.4.1 Improper access control

Vendor Apache Software Foundation
Product Apache ShenYu (incubating)
Weakness CWE-862 · Missing authorization
Published January 25, 2022
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

Description

User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1.

Key dates

Disclosure timeline

January 25, 2022 CVE published
August 3, 2024 Record updated