Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 20 Jan 2022 13:54:46 +0800
From: Haoran Meng <menghaoran@...che.org>
To: oss-security@...ts.openwall.com, dev@...rdingsphere.apache.org
Subject: CVE-2022-22733: Apache ShardingSphere ElasticJob-UI: Access-Token in
 ElasticJob UI causes password disclosure

Severity: moderate

Description:

Exposure of Sensitive Information to an Unauthorized Actor
vulnerability in Apache ShardingSphere ElasticJob-UI allows an
attacker who has guest account to do privilege escalation. This issue
affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere
ElasticJob-UI 3.x version 3.0.0 and prior versions.





-- 
Best,
Haoran Meng
Apache ShardingSphere

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.