Description

An issue was discovered in getRememberedSerializedIdentity function in CookieRememberMeManager class in lerry903 RuoYi version 3.4.0, allows remote attackers to escalate privileges.

Related CPE's

a

ruoyi

ruoyi

3.4.0

Vulnerable

References

https://github.com/lerry903/RuoYi/issues/20

ExploitIssue Tracking

Weaknesses

[email protected]

Primary
CWE-269

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-08-11T14:15:12.523

11 months ago

Last modified

2023-08-18T13:21:02.430

11 months ago