CVE-2022-23869 Information

Description

In RuoYi v4.7.2, user test1 does not have permission to reset the password of user test3 through the WebUI, but the password of user test3 can still be reset through the /system/user/resetPwd request.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Reference

https://gitee.com/y_project/RuoYi/issues/I4RCO2

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

6.5

Base Severity

MEDIUM
