PT-2022-23995 · Apache · Apache Shenyu

Lulu Gu · Published 2022-09-01 · Updated 2023-08-02 · CVE-2022-37435

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Apache ShenYu versions 2.4.2 through 2.4.3

Description: The issue is related to insecure permissions in Apache ShenYu Admin, which may allow low-privilege administrators to modify high-privilege administrators' passwords.

Recommendations: For versions 2.4.2 and 2.4.3, update to version 2.5.0 to resolve the issue. As a temporary workaround, consider restricting access to the administrator password modification functionality until a patch is applied.

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2022-37435
GHSA-FJJW-82XW-VFC2

Affected Products

Apache Shenyu