PT-2025-3445 · Ruoyi · Ruoyi

Published 2025-01-29 · Updated 2025-05-14 · CVE-2024-57438

CVSS v4.0: 5.6 Medium

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

Name of the Vulnerable Software and Affected Versions

RuoYi version 4.8.0

Description

The issue concerns insecure permissions that allow authenticated attackers to escalate privileges by assigning themselves higher-level roles.

Recommendations

For RuoYi version 4.8.0, update the permissions to restrict role assignments and prevent privilege escalation. Ensure that only authorized users can assign roles to prevent abuse.

Exploit

Fix

Incorrect Authorization

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

CVE-2024-57438
GHSA-H5JH-RP76-Q242

Affected Products

Ruoyi