exploitDog

CVE-2023-27088

Опубликовано: 08 мар. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

feiqu-opensource Background Vertical authorization vulnerability exists in IndexController.java. demo users with low permission can perform operations within the permission of the admin super administrator and can use this vulnerability to change the blacklist IP address in the system at will.

Ссылки

https://github.com/chen87548081/feiqu-opensource/issues/2
Exploit
Issue Tracking
Third Party Advisory
https://github.com/chen87548081/feiqu-opensource/issues/2
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:feiqu-opensource_project:feiqu-opensource:-:*:*:*:*:*:*:*

EPSS

Процентиль: 26%

0.00089

Низкий

8.8 High

CVSS3

Дефекты

NVD-CWE-Other

CWE-284

Связанные уязвимости

GHSA-w922-qg6g-84wc

CVSS3: 8.8

github

почти 3 года назад

feiqu-opensource Background Vertical authorization vulnerability exists in IndexController.java. demo users with low permission can perform operations within the permission of the admin super administrator and can use this vulnerability to change the blacklist IP address in the system at will.

EPSS

Процентиль: 26%

0.00089

Низкий

8.8 High

CVSS3

Дефекты

NVD-CWE-Other

CWE-284