A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function loadAllLoginfo/deleteLoginfo/batchDeleteLoginfo of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\LoginfoController.java of the component Log Info Handler. The manipulation results in improper authorization.
The attack can be launched remotely. The exploit has been made public and could be used. This product does not use versioning.
This is why information about affected and unaffected releases are unavailable. The project was informed of the problem early through an issue report but has not responded yet.
Attack Parameters
Attack Vector
Network
Атака возможна удалённо
Attack Complexity
Low
Легко эксплуатировать
Attack Requirements
None
Нет дополнительных условий
Privileges Required
Low
Нужны базовые права
User Interaction
None
Не нужно действие пользователя
Impact Assessment
Confidentiality
Low
Частичная утечка данных
Integrity
Low
Частичная модификация данных
Availability
Low
Частичное нарушение работы
CVSS Vector v4.0
Weakness Type (CWE)
References 6
https://github.com/yeqifu/warehouse/
cna@vuldb.com
https://github.com/yeqifu/warehouse/issues/59
cna@vuldb.com
https://github.com/yeqifu/warehouse/issues/59#issue-3846665806
cna@vuldb.com
https://vuldb.com/?ctiid.344683
cna@vuldb.com
https://vuldb.com/?id.344683
cna@vuldb.com
https://vuldb.com/?submit.745517
cna@vuldb.com