CVE-2022-23869

MEDIUM

RuoYi <4.7.2 - Info Disclosure

Title source: llm

Description

In RuoYi v4.7.2, user test1 does not have permission through the WebUI to reset the password of user test3, but the password of user test3 can still be reset through the /system/user/resetPwd request.

Exploits (1)

gitee 47,892 stars
by y_project · javawriteup
https://gitee.com/y_project/RuoYi/issues/I4RCO2

Scores

CVSS v3 6.5
EPSS 0.0013
EPSS Percentile 32.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Classification

CWE
CWE-732
Status published

Affected Products (1)

ruoyi/ruoyi

Timeline

Published Mar 30, 2022
Tracked Since Feb 18, 2026