Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Apache ShenYu Admin by Apache Software Foundation
CVE-2021-37580 (GCVE-0-2021-37580)
Vulnerability from nvd – Published: 2021-11-16 09:35 – Updated: 2024-08-04 01:23
VLAI
KEVIntel
Title
Apache ShenYu Admin bypass JWT authentication
Summary
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0
Severity
No CVSS data available.
CWE
- CWE-287 - Improper Authentication
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/o15j25qwtpcw62k48… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2021/11/16/1 | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache ShenYu Admin |
Affected:
Apache ShenYu Admin 2.3.0-2.4.0
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:23:01.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb"
},
{
"name": "[oss-security] 20211116 CVE-2021-37580: Apache ShenYu Admin bypass JWT authentication",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/11/16/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache ShenYu Admin",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "Apache ShenYu Admin 2.3.0-2.4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was reported by \u4f0d \u96c4"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-16T12:06:06.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb"
},
{
"name": "[oss-security] 20211116 CVE-2021-37580: Apache ShenYu Admin bypass JWT authentication",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/11/16/1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache ShenYu Admin bypass JWT authentication",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-37580",
"STATE": "PUBLIC",
"TITLE": "Apache ShenYu Admin bypass JWT authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache ShenYu Admin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "Apache ShenYu Admin",
"version_value": "2.3.0-2.4.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was reported by \u4f0d \u96c4"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb",
"refsource": "MISC",
"url": "https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb"
},
{
"name": "[oss-security] 20211116 CVE-2021-37580: Apache ShenYu Admin bypass JWT authentication",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/11/16/1"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-37580",
"datePublished": "2021-11-16T09:35:11.000Z",
"dateReserved": "2021-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:23:01.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37580 (GCVE-0-2021-37580)
Vulnerability from cvelistv5 – Published: 2021-11-16 09:35 – Updated: 2024-08-04 01:23
VLAI
KEVIntel
Title
Apache ShenYu Admin bypass JWT authentication
Summary
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0
Severity
No CVSS data available.
CWE
- CWE-287 - Improper Authentication
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/o15j25qwtpcw62k48… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2021/11/16/1 | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache ShenYu Admin |
Affected:
Apache ShenYu Admin 2.3.0-2.4.0
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:23:01.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb"
},
{
"name": "[oss-security] 20211116 CVE-2021-37580: Apache ShenYu Admin bypass JWT authentication",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/11/16/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache ShenYu Admin",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "Apache ShenYu Admin 2.3.0-2.4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was reported by \u4f0d \u96c4"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-16T12:06:06.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb"
},
{
"name": "[oss-security] 20211116 CVE-2021-37580: Apache ShenYu Admin bypass JWT authentication",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/11/16/1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache ShenYu Admin bypass JWT authentication",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-37580",
"STATE": "PUBLIC",
"TITLE": "Apache ShenYu Admin bypass JWT authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache ShenYu Admin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "Apache ShenYu Admin",
"version_value": "2.3.0-2.4.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was reported by \u4f0d \u96c4"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb",
"refsource": "MISC",
"url": "https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb"
},
{
"name": "[oss-security] 20211116 CVE-2021-37580: Apache ShenYu Admin bypass JWT authentication",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/11/16/1"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-37580",
"datePublished": "2021-11-16T09:35:11.000Z",
"dateReserved": "2021-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:23:01.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}