Apache · Apache Shenyu · CVE-2022-23944
**Name of the Vulnerable Software and Affected Versions**
Apache ShenYu versions 2.4.0 through 2.4.1
**Description**
The issue is related to the lack of authentication for a critical function, allowing a remote attacker to bypass security restrictions and access the "/plugin API" endpoint without authentication.
**Recommendations**
For Apache ShenYu versions 2.4.0 and 2.4.1, consider disabling access to the "/plugin API" endpoint until a patch is available.
As a temporary workaround, restrict access to the "/plugin API" endpoint to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.