5 matches found
CVE-2023-27095
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module...
CVE-2023-27095
creationtimestamp| type| source ---|---|--- 2023-03-16 06:30:31+00:00| seen| https://t.me/cibsecurity/60109 2025-02-26 19:24:18+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/5586...
cn.hippo4j:hippo4j-adapter-web (>=1.4.0 <=1.4.3-upgrade.2), cn.hippo4j:hippo4j-config-spring-boot-1x-starter (>=1.4.2 <=1.4.3-upgrade.2) +20 more potentially affected by CVE-2023-27095 via cn.hippo4j:hippo4j-core (>=1.1.0-RC1 <=1.4.3)
cn.hippo4j:hippo4j-core MAVEN version =1.1.0-RC1, =1.4.0, =1.4.2, =1.4.0, =1.1.0, =1.4.3, =1.4.0, =1.4.1, =1.4.0, =1.4.1, =1.4.0, =1.4.1, =1.4.0, =1.1.0, =1.4.0, =1.4.1, =1.4.3-upgrade.2 and more Source cves: CVE-2023-27095 Source advisory: OSV:GHSA-XG89-VVWP-9C27...
CVE-2023-27095
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module...
CVE-2023-27095
OpenGoofy Hippo4j v1.4.3 has an Insecure Permissions vulnerability allowing privilege escalation via the AddUser method in the UserController of the Tenant Management module. The root cause is insecure permission handling, enabling an attacker to elevate privileges. The CVE entry cites impact on ...