exploitDog

GHSA-7rgc-r95x-r2m3

Опубликовано: 26 нояб. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java.

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java.

Ссылки

EPSS

Процентиль: 13%

0.00044

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-284

CWE-862

Связанные уязвимости

CVE-2025-46175

CVSS3: 7.5

nvd

2 месяца назад

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java.

EPSS

Процентиль: 13%

0.00044

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-284

CWE-862