9 matches found
Insecure Permissions issue in jeecg-boot
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin...
Insecure Permissions issue in jeecg-boot
An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface...
GHSA-RWHW-6C6R-2823 Insecure Permissions issue in jeecg-boot
An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface...
CVE-2021-37304
An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface...
Design/Logic Flaw
An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface...
CVE-2021-37306
CVE-2021-37306 affects jeecg-boot up to version 2.4.5 and earlier, where insecure permissions allow remote attackers to gain escalated privileges and view sensitive information via the API endpoint /sys/user/checkOnlyUser?username=admin. The vulnerability is documented with a HIGH impact (CVSS v3...
CVE-2021-37305
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin...
CVE-2021-37304
CVE-2021-37304 : Insecure permissions in jeecg-boot 2.4.5 allow unauthenticated remote attackers to gain escalated privileges and view sensitive information via the httptrace interface. The root cause is insufficient permission checks, enabling information disclosure and privilege escalation. The...
CVE-2021-37305
CVE-2021-37305 affects jeecg-boot up to version 2.4.5. The issue is an insecure permissions flaw in the API endpoint /sys/user/querySysUser?username=admin, allowing remote attackers to gain escalated privileges and view sensitive information (e.g., email, phone, usernames). Reports from multiple ...