CVE-2022-23223

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-23223
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23223.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-23223
Aliases
Published
2022-01-25T13:15:08.137Z
Modified
2026-04-10T04:44:41.392342Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later.

References

Affected packages

Git / github.com/apache/incubator-shenyu

Affected ranges

Type
GIT
Repo
https://github.com/apache/incubator-shenyu
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
dc841a2720ea0b5a6ca71f1b9c1aa7958d241f16
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3c6e3a0a3134e59dc200cd68c85576d5bafc2f3b
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.1"
        }
    ]
}

Affected versions

1.*
1.0.2
1.0.3
1.0.4
1.0.5
v2.*
v2.4.0
v2.4.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23223.json"