=====================================================================
                            CERT-Renater

                Information Note No. 2022/VULN308
_____________________________________________________________________

DATE                 : 01/09/2022

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Apache ShenYu versions prior
                       to 2.5.0.

=====================================================================
https://lists.apache.org/thread/9lyhkppkf8l8j8vwg1kb9fygc57k3wys
_____________________________________________________________________

CVE-2022-37435: Apache ShenYu Admin Improper Privilege Management

Severity: moderate

Description:

Apache ShenYu Admin has insecure permissions, which may allow
low-privilege administrators to modify high-privilege administrator's
passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3.

Mitigation:

Upgrade to Apache ShenYu 2.5.0 or apply patch
https://github.com/apache/shenyu/pull/3658.

Credit:

Apache ShenYu would like to thank Lulu Gu for reporting this issue.

Apache ShenYu
Apache ShardingSphere

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================