Incorrect Default Permissions Affecting com.ruoyi:ruoyi-admin package, versions [0,]


Severity

Recommended
0.0
high
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

Exploit Maturity
Proof of Concept
EPSS
0.32% (24th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-JAVA-COMRUOYI-8678675
  • published30 Jan 2025
  • disclosed29 Jan 2025
  • creditpeccc

Introduced: 29 Jan 2025

CVE-2024-57438  (opens in a new tab)
CWE-276  (opens in a new tab)

How to fix?

There is no fixed version for com.ruoyi:ruoyi-admin.

Overview

Affected versions of this package are vulnerable to Incorrect Default Permissions. An attacker can escalate privileges by assigning themselves higher-level roles.

CVSS Base Scores

version 4.0
version 3.1