Lucene search

GoogleOSV:CVE-2023-27025

HistoryApr 02, 2023 - 1:15 a.m.

CVE-2023-27025

2023-04-0201:15:07

Google

osv.dev

arbitrary file download

background management

server

cve-2023-27025

ruoyi v4.7.6

vulnerability

software

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

51.7%

JSON

An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server.

CPENameOperatorVersion
ruoyieq3.0
ruoyieq3.1
ruoyieq4.6.1
ruoyieq4.7.4
ruoyieq4.7.6
ruoyieq4.2
ruoyieq3.4
ruoyieq3.2
ruoyieq2.4
ruoyieq2.2

Name	Operator	Version
ruoyi	eq	3.0
ruoyi	eq	3.1
ruoyi	eq	4.6.1
ruoyi	eq	4.7.4
ruoyi	eq	4.7.6
ruoyi	eq	4.2
ruoyi	eq	3.4
ruoyi	eq	3.2
ruoyi	eq	2.4
ruoyi	eq	2.2

Rows per page:

1-10 of 261

References

gitee.com/y_project/RuoYi/commit/432d5ce1be2e9384a6230d7ccd8401eef5ce02b0

gitee.com/y_project/RuoYi/issues/I697Q5

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

51.7%

JSON

Related for OSV:CVE-2023-27025