漏洞描述
ShenYu(原名 Soul)是一款高性能,响应式的网关,同时也是应用于所有微服务场景的,可扩展、高性能、响应式的 API网关解决方案。用户无需身份验证即可访问 /plugin api。此问题影响 Apache ShenYu 2.4.0 和 2.4.1。
APACHE SHENYU2.4.0/2.4.1 API/PLUGIN 权限升级(CVE-2022-23944)
PoC代码
暂无相关漏洞推荐
-
CVE-2021-37580: Apache ShenYu Admin JWT authentication bypass POC
2025-09-01 | Apache ShenYuA flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an ... -
CVE-2022-23944: Apache ShenYu Admin Unauth Access POC
2025-09-01 | Apache ShenYuApache ShenYu suffers from an unauthorized access vulnerability where a user can access /plugin api ... -
CVE-2021-37580: Apache ShenYu Admin JWT - Authentication Bypass POC
2025-08-01 | Apache ShenYuApache ShenYu 2.3.0 and 2.4.0 allow Admin access without proper authentication. The incorrect use of... -
Webmin /package-updates/update.cgi 命令执行漏洞(CVE-2022-36446) 无POC
2025-09-05 | WebminWebmin是Webmin社区的一套基于Web的用于类Unix操作系统中的系统管理工具。 Webmin 1.997之前的版本存在安全漏洞,该漏洞源于其software/apt-lib.pl组件缺少对U... -
CVE-2022-0342: Zyxel authentication bypass patch analysis POC
2025-09-01 | ZyxelAn authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versio...