A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The affected element is the function addDept/updateDept/deleteDept of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\DeptController.java of the component Department Management. Executing a manipulation can lead to improper authorization.
It is possible to launch the attack remotely. The exploit has been published and may be used. This product takes the approach of rolling releases to provide continious delivery.
Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
Attack Parameters
Attack Vector
Network
Атака возможна удалённо
Attack Complexity
Low
Легко эксплуатировать
Attack Requirements
None
Нет дополнительных условий
Privileges Required
Low
Нужны базовые права
User Interaction
None
Не нужно действие пользователя
Impact Assessment
Confidentiality
Low
Частичная утечка данных
Integrity
Low
Частичная модификация данных
Availability
Low
Частичное нарушение работы
CVSS Vector v4.0
Weakness Type (CWE)
References 6
https://github.com/yeqifu/warehouse/
cna@vuldb.com
https://github.com/yeqifu/warehouse/issues/57
cna@vuldb.com
https://github.com/yeqifu/warehouse/issues/57#issue-3846662068
cna@vuldb.com
https://vuldb.com/?ctiid.344681
cna@vuldb.com
https://vuldb.com/?id.344681
cna@vuldb.com
https://vuldb.com/?submit.745515
cna@vuldb.com