Incorrect Permission Assignment for Critical Resource
CVE-2021-37306
Summary
An Insecure Permissions issue in jeecg-boot versions through 2.4.5 allows remote attackers to gain escalated privilege and view sensitive information via 'api' 'uri:' 'api' "uri:/sys/user/checkOnlyUser?username=admin". NOTE: The affected versions of this package are not available in a package manager we support.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- HIGH
- NONE
CWE-732 - Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Advisory Timeline
- Published
