Описание
Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java.
Ссылки
- Third Party Advisory
- Permissions Required
- Issue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:ruoyi:ruoyi:4.8.0:*:*:*:*:*:*:*
EPSS
Процентиль: 13%
0.00044
Низкий
7.5 High
CVSS3
Дефекты
CWE-862
CWE-284
Связанные уязвимости
CVSS3: 7.5
github
2 месяца назад
Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java.
EPSS
Процентиль: 13%
0.00044
Низкий
7.5 High
CVSS3
Дефекты
CWE-862
CWE-284