CVE-2022-23223

Source
https://cve.org/CVERecord?id=CVE-2022-23223
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23223.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-23223
Aliases
Published
2022-01-25T13:00:22Z
Modified
2026-07-15T01:49:18.921500802Z
Summary
Apache ShenYu Password leakage
Details

On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later.

Database specific
{
    "cwe_ids": [
        "CWE-522"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23223.json",
    "cna_assigner": "apache",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "Apache ShenYu (incubating)"
                },
                {
                    "fixed": "2.4.2"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/apache/shenyu

Affected ranges

Type
GIT
Repo
https://github.com/apache/shenyu
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:apache:shenyu:2.4.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:shenyu:2.4.1:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "2.4.0"
        },
        {
            "last_affected": "2.4.0"
        },
        {
            "introduced": "2.4.1"
        },
        {
            "last_affected": "2.4.1"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

2.*
2.4.0
2.4.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23223.json"