Description
In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request.
References
- Exploit, Issue Tracking, Third Party Advisory
- Exploit, Issue Tracking, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:ruoyi:ruoyi:4.7.2:*:*:*:*:*:*:*
EPSS
Score: 0.00127 (Low)
Percentile: 33%
CVSS3: 6.5 Medium
CVSS2: 4 Medium
Weaknesses
CWE-732
Related vulnerabilities
CVSS3: 6.5
github
more than 3 years ago
In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request.