Insecure Permissions in jeecg-boot Allows Remote Privilege Escalation
CVE-2021-37306

7.5HIGH

Key Information:

Vendor: Jeecg
Status: Jeecg
Vendor: CVE Published:; 3 February 2023

What is CVE-2021-37306?

An Insecure Permissions vulnerability in jeecg-boot, versions 2.4.5 and earlier, allows remote attackers to exploit inadequate access controls. This can lead to escalated privileges, enabling unauthorized users to gain access to sensitive information through the API endpoint: /sys/user/checkOnlyUser?username=admin. Attackers may leverage this flaw to bypass security measures and execute actions that should be restricted.

References

https://github.com/jeecgboot/jeecg-boot/issues/2794

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 3, 2023
Vulnerability Reserved
Jul 21, 2021

Jeecg

What is CVE-2021-37306?

References

CVSS V3.1

Timeline