Lucene search

[email protected]CVE-2022-23869

HistoryMar 30, 2022 - 11:15 a.m.

CVE-2022-23869

2022-03-3011:15:07

CWE-732

[email protected]

web.nvd.nist.gov

cve-2022-23869

ruoyi v4.7.2

webui

password reset

security vulnerability

nvd

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

20.0%

JSON

In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request.

Affected configurations

NVD

Node

ruoyiruoyiMatch4.7.2

CPENameOperatorVersion
ruoyi:ruoyiruoyieq4.7.2

CPE	Name	Operator	Version
ruoyi:ruoyi	ruoyi	eq	4.7.2

References

gitee.com/y_project/RuoYi/issues/I4RCO2

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

20.0%

JSON

Related for CVE-2022-23869

cvelist1 osv1 prion1 nvd1