Incorrect Permission Assignment for Critical Resource
An Insecure Permissions issue in "jeecg-boot" versions through 2.4.5 allows remote attackers to gain escalated privilege and view sensitive information via api uri: "/sys/user/querySysUser?username=admin". NOTE: The affected versions of this package are not available in a package manager we support.
CWE-732 - Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.