PT-2022-1758 · Apache · Apache Shenyu

Zhang Yonglun · Published 2022-01-25 · Updated 2022-02-01 · CVE-2022-23945

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Apache ShenYu versions 2.4.0 through 2.4.1

Description

The issue is related to missing authentication on ShenYu Admin when registering by HTTP, which can allow a remote attacker to bypass security restrictions.

Recommendations

For Apache ShenYu versions 2.4.0 and 2.4.1, consider disabling the HTTP registration functionality until a patch is available. Restrict access to the ShenYu Admin module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

Missing Authorization

Weakness Enumeration

Related Identifiers

BDU:2022-01056
CVE-2022-23945
GHSA-7RJP-FGWJ-47RW

Affected Products

Apache Shenyu