Skip to main content

Incorrect Permission Assignment for Critical Resource

CVE-2021-37305

High
7.5/10

Summary

An Insecure Permissions issue in "jeecg-boot" versions through 2.4.5 allows remote attackers to gain escalated privilege and view sensitive information via api uri: "/sys/user/querySysUser?username=admin". NOTE: The affected versions of this package are not available in a package manager we support.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • NONE

CWE-732 - Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References

Advisory Timeline

  • Published