CVE-2022-42735

CVE-2022-42735: Apache ShenYu Admin ultra vires

Vendor Apache Software Foundation

Product Apache ShenYu

Weakness CWE-269

Published February 15, 2023

Last update March 19, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/pull/3958 https://github.com/apache/shenyu/pull/3958 .

Key dates

Disclosure timeline

February 15, 2023 CVE published

March 19, 2025 Record updated