CVE-2022-23223 Vulnerability Details

  /     /     /  

CVE-2022-23223 Metadata Quick Info

CVE Published: 25/01/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: apache | Vendor: Apache Software Foundation | Product: Apache ShenYu (incubating)
Status : PUBLISHED

---

CVE-2022-23223 Description

On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-522
CWE Name: CWE-522 Insufficiently Protected Credentials
Source: Apache Software Foundation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).