CVE-2022-23223
Password exposure in ShenYu
CVSS 3.1: 7.5 (HIGH)
EPSS: 4.6%
Description
On Apache ShenYu versions 2.4.0 and 2.4.1, an endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later.
How to fix CVE-2022-23223
To remediate CVE-2022-23223, upgrade the affected package to a fixed version below.
- Maven/org.apache.shenyu:shenyu-common: upgrade to 2.4.2 or later
Is CVE-2022-23223 being exploited?
Low — EPSS is 4.6%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Maven/org.apache.shenyu:shenyu-common: >= 2.4.0, < 2.4.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |