<p>There is no fixed version for <code>cn.hippo4j:hippo4j-all</code>.</p>

Insecure Permissions Affecting cn.hippo4j:hippo4j-all package, versions [0,]

Snyk CVSS

Attack Complexity Low

Threat Intelligence

EPSS 0.06% (24^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JAVA-CNHIPPO4J-3361722
published 16 Mar 2023
disclosed 16 Mar 2023
credit ljk5

Report a new vulnerability Found a mistake?

Introduced: 16 Mar 2023

CVE-2023-27095 Open this link in a new tab CWE-275 Open this link in a new tab

How to fix?

There is no fixed version for cn.hippo4j:hippo4j-all.

Overview

Affected versions of this package are vulnerable to Insecure Permissions by allowing the attacker to escalate privileges via the AddUser method of the UserController function in Tenant Management module.

References

GitHub Issue