Incorrect Permission Assignment for Critical Resource
CVE-2021-37305
Summary
An Insecure Permissions issue in "jeecg-boot" versions through 2.4.5 allows remote attackers to gain escalated privilege and view sensitive information via api uri: "/sys/user/querySysUser?username=admin". NOTE: The affected versions of this package are not available in a package manager we support.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- HIGH
- NONE
CWE-732 - Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
References
Advisory Timeline
- Published