A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The impacted element is the function addNotice/updateNotice/deleteNotice/batchDeleteNotice of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\NoticeController.java of the component Notice Management. The manipulation leads to improper authorization.
The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product.
Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
Attack Parameters
Attack Vector
Network
Атака возможна удалённо
Attack Complexity
Low
Легко эксплуатировать
Attack Requirements
None
Нет дополнительных условий
Privileges Required
Low
Нужны базовые права
User Interaction
None
Не нужно действие пользователя
Impact Assessment
Confidentiality
Low
Частичная утечка данных
Integrity
Low
Частичная модификация данных
Availability
Low
Частичное нарушение работы
CVSS Vector v4.0
Weakness Type (CWE)
References 6
https://github.com/yeqifu/warehouse/
cna@vuldb.com
https://github.com/yeqifu/warehouse/issues/58
cna@vuldb.com
https://github.com/yeqifu/warehouse/issues/58#issue-3846664260
cna@vuldb.com
https://vuldb.com/?ctiid.344682
cna@vuldb.com
https://vuldb.com/?id.344682
cna@vuldb.com
https://vuldb.com/?submit.745516
cna@vuldb.com