CVE-2022-23869

{"id": "CVE-2022-23869", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-03-30T11:15:07.697", "references": [{"url": "https://gitee.com/y_project/RuoYi/issues/I4RCO2", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://gitee.com/y_project/RuoYi/issues/I4RCO2", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request."}, {"lang": "es", "value": "En RuoYi versi\u00f3n v4.7.2 mediante la WebUI, el usuario test1 no presenta permiso para restablecer la contrase\u00f1a del usuario test3, pero la contrase\u00f1a del usuario test3 puede ser restablecida mediante la petici\u00f3n /system/user/resetPwd"}], "lastModified": "2024-11-21T06:49:23.640", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ruoyi:ruoyi:4.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CB6B43F-D94B-4413-9D63-D66179549CB7"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}