exploitDog

GHSA-2h36-h7fr-hrvc

Опубликовано: 31 мар. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request.

In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request.

Ссылки

EPSS

Процентиль: 33%

0.00127

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-732

Связанные уязвимости

CVE-2022-23869

CVSS3: 6.5

nvd

больше 3 лет назад

In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request.

EPSS

Процентиль: 33%

0.00127

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-732