CVE-2024-57438

Description

Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to escalate privileges by assigning themselves higher level roles.

How to fix CVE-2024-57438

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• Maven/com.ruoyi:ruoyi—no fix listed

Is CVE-2024-57438 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, <= 4.8.0

CVSS scores

References (5)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2024-57438
• PATCHgitee.com/y_project/RuoYi
• WEBgithub.com/peccc/restful_vul/blob/main/ruoyi_insecure_role_assignments/ruoyi_insecure_role_assignments.md
• WEBgithub.com/yangzongzhuan/RuoYi
• WEB