[org.apache.shenyu:shenyu-common] Apache ShenYu Admin v2.4.2-v2.4.3 has insecure permissions

Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator’s passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3. Version 2.5.0 contains a patch for this issue.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-37435
• https://lists.apache.org/thread/ndblyxr2fdrvjtgbs1bogxgv2cgk7t28
• https://github.com/apache/shenyu/pull/3658
• https://github.com/apache/shenyu/releases/tag/v2.5.0
• https://github.com/advisories/GHSA-fjjw-82xw-vfc2