exploitDog

GHSA-7rvm-47hf-m85c

Опубликовано: 26 нояб. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

Ruoyi v4.8.0 vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the resetPwd Method of SysUserController.java.

Ruoyi v4.8.0 vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the resetPwd Method of SysUserController.java.

Ссылки

EPSS

Процентиль: 13%

0.00042

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-284

CWE-862

Связанные уязвимости

CVE-2025-46174

CVSS3: 7.5

nvd

2 месяца назад

Ruoyi v4.8.0 vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the resetPwd Method of SysUserController.java.

EPSS

Процентиль: 13%

0.00042

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-284

CWE-862