Insecure Permissions in jeecg-boot Allows Remote Privilege Escalation
CVE-2021-37306
7.5HIGH
What is CVE-2021-37306?
An Insecure Permissions vulnerability in jeecg-boot, versions 2.4.5 and earlier, allows remote attackers to exploit inadequate access controls. This can lead to escalated privileges, enabling unauthorized users to gain access to sensitive information through the API endpoint: /sys/user/checkOnlyUser?username=admin. Attackers may leverage this flaw to bypass security measures and execute actions that should be restricted.