VDB
CVE-2020-17523
CVE-2020-17523
PUBLISHED
CVSS 9.800000190734863 CRITICAL
Authentication bypass in Apache Shiro
EPSS 88.77% · 99.5th percentile
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
88.77%
99.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maven | org.apache.shiro:shiro-web | 0 |
| n/a | Apache Shiro | before 1.7.1 |
| Maven | org.apache.shiro:shiro-spring-boot-starter | 0 |
| apache | shiro | 0 |
| Maven | org.apache.shiro:shiro-spring | 0 |
Exploit Intelligence
- shiro-cve-2020-17523 漏洞的两种绕过姿势分析 以及配套的漏洞环境 (github-poc-repo)
- shiro-cve-2020-17523 漏洞的两种绕过姿势分析 以及配套的漏洞环境 (github-poc-repo)
- shiro-cve-2020-17523 漏洞的两种绕过姿势分析 以及配套的漏洞环境 (github-poc-repo)
- shiro-cve-2020-17523 漏洞的两种绕过姿势分析 以及配套的漏洞环境 (github-poc-repo)
- shiro-cve-2020-17523 漏洞的两种绕过姿势分析 以及配套的漏洞环境 (github-poc-repo)
- shiro-cve-2020-17523 漏洞的两种绕过姿势分析 以及配套的漏洞环境 (github-poc-repo)
- shiro-cve-2020-17523 漏洞的两种绕过姿势分析 以及配套的漏洞环境 (github-poc)
- shiro-cve-2020-17523 漏洞的两种绕过姿势分析 以及配套的漏洞环境 (github-poc)
- shiro-cve-2020-17523 漏洞的两种绕过姿势分析 以及配套的漏洞环境 (github-poc)
- shiro-cve-2020-17523 漏洞的两种绕过姿势分析 以及配套的漏洞环境 (github-poc)
…and 9 more exploits
Timeline
- Feb 3, 2021 CVE Published
- Apr 14, 2021 EPSS Score
- May 5, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 9, 2022 CVE Updated
- Feb 28, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://lists.apache.org/thread.html/rce5943430a6136d37a1f2fc201d245fe094e2727a0bc27e3b2d43a39%40%3Cdev.shiro.apache.org%3E url
- [activemq-gitbox] 20210210 [GitHub] [activemq] ehossack-aws opened a new pull request #614: Update shiro to 1.7.1 mailing-list
- [activemq-issues] 20210301 [jira] [Created] (AMQ-8159) High severity security issues found in Apache Shiro v.1.7.0 mailing-list
- [shiro-dev] 20210331 Re: Request for assistance to backport CVE-2020-13933 fix mailing-list
- [shiro-dev] 20210407 Re: Request for assistance to backport CVE-2020-13933 fix mailing-list
- [shiro-dev] 20210424 Re: Ask help for upgrading Shiro in CDH platform to 1.7.1 mailing-list
- [activemq-users] 20210427 Release date for ActiveMQ v5.16.2 to fix CVEs mailing-list
- [shiro-dev] 20210504 Re: Request for assistance to backport CVE-2020-13933 fix mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2020-17523 advisory
- https://github.com/apache/shiro/pull/263 url
- https://issues.apache.org/jira/browse/SHIRO-797 url
- https://lists.apache.org/thread.html/r5b93ddf97e2c4cda779d22fab30539bdec454cfa5baec4ad0ffae235@%3Cgitbox.activemq.apache.org%3E url
- https://lists.apache.org/thread.html/r679ca97813384bdb1a4c087810ba44d9ad9c7c11583979bb7481d196@%3Cdev.shiro.apache.org%3E url
- https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E url
- https://lists.apache.org/thread.html/r852971e28f54cafa7d325bd7033115c67d613b112a2a1076817390ac@%3Cdev.shiro.apache.org%3E url
- https://lists.apache.org/thread.html/r9d93dfb5df016b1a71a808486bc8f9fbafebbdbc8533625f91253f1d@%3Cdev.shiro.apache.org%3E url
- https://lists.apache.org/thread.html/rd4b613e121438b97e3eb263cac3137caddb1dbd8f648b73a4f1898a6@%3Cissues.activemq.apache.org%3E url
- https://lists.apache.org/thread.html/re25b8317b00a50272a7252c4552cf1a81a97984cc2111ef7728e48e0@%3Cdev.shiro.apache.org%3E url
- http://shiro.apache.org/download.html url