CVE-2022-23869

In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request.
References
Link Resource
https://gitee.com/y_project/RuoYi/issues/I4RCO2 Exploit Issue Tracking Third Party Advisory
https://gitee.com/y_project/RuoYi/issues/I4RCO2 Exploit Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:ruoyi:ruoyi:4.7.2:*:*:*:*:*:*:*

History

21 Nov 2024, 06:49

Type Values Removed Values Added
References () https://gitee.com/y_project/RuoYi/issues/I4RCO2 - Exploit, Issue Tracking, Third Party Advisory () https://gitee.com/y_project/RuoYi/issues/I4RCO2 - Exploit, Issue Tracking, Third Party Advisory

04 Apr 2022, 19:48

Type Values Removed Values Added
References (MISC) https://gitee.com/y_project/RuoYi/issues/I4RCO2 - (MISC) https://gitee.com/y_project/RuoYi/issues/I4RCO2 - Exploit, Issue Tracking, Third Party Advisory
CPE cpe:2.3:a:ruoyi:ruoyi:4.7.2:*:*:*:*:*:*:*
CWE CWE-732
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 6.5

30 Mar 2022, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-03-30 11:15

Updated : 2024-11-21 06:49


NVD link : CVE-2022-23869

Mitre link : CVE-2022-23869

CVE.ORG link : CVE-2022-23869


JSON object : View

Products Affected

ruoyi

  • ruoyi
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource