PT-2023-14144 · Apache · Apache Shenyu

Xxhzz

Published

2023-02-15

Updated

2025-03-19

CVE-2022-42735

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Apache ShenYu version 2.5.0

Description The issue is related to Improper Privilege Management in Apache ShenYu, where ShenYu Admin allows low-privilege low-level administrators to create users with higher privileges than their own.

Recommendations For Apache ShenYu version 2.5.0, upgrade to Apache ShenYu 2.5.1 or apply the provided patch.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2022-42735

GHSA-VF8H-2WWJ-JQ22

Affected Products

Apache Shenyu

PT-2023-14144 · Apache · Apache Shenyu

CVE-2022-42735

Weakness Enumeration

Related Identifiers

Affected Products

References · 9