Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to escalate privileges by assigning themselves higher level roles.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 14 May 2025 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Ruoyi
Ruoyi ruoyi
CPEs cpe:2.3:a:ruoyi:ruoyi:4.8.0:*:*:*:*:*:*:*
Vendors & Products Ruoyi
Ruoyi ruoyi

Thu, 06 Feb 2025 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-863
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 29 Jan 2025 14:30:00 +0000

Type Values Removed Values Added
Description Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to escalate privileges by assigning themselves higher level roles.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-02-06T15:33:47.497Z

Reserved: 2025-01-09T00:00:00.000Z

Link: CVE-2024-57438

cve-icon Vulnrichment

Updated: 2025-01-29T15:12:04.720Z

cve-icon NVD

Status : Analyzed

Published: 2025-01-29T15:15:17.283

Modified: 2025-05-14T18:26:41.480

Link: CVE-2024-57438

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.