exploitDog

GHSA-h6wg-mx84-h3rv

Опубликовано: 21 авг. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 5.3

Описание

Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation attack.

Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation attack.

Ссылки

EPSS

Процентиль: 16%

0.00052

Низкий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-284

Связанные уязвимости

CVE-2025-55366

CVSS3: 5.3

nvd

6 месяцев назад

Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation attack.

EPSS

Процентиль: 16%

0.00052

Низкий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-284