An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter
An attacker without any privileges and without user interaction can manipulate the jobLogId parameter in HTTP requests directed to the vulnerable endpoint of the RuoYi application. Improper access control (CWE-284) causes the server to fail to properly verify the caller's privileges, leading to privilege escalation. The attack is possible remotely over the network without the need to have an account in the system.
An attacker can obtain elevated privileges in the application, resulting in complete loss of confidentiality, integrity, and availability of the system — including the ability to read and modify data as well as disrupt service operation.
Patches available from the vendor should be applied according to references. It is recommended to verify the official RuoYi repository (https://github.com/yangzongzhuan/RuoYi) to obtain the current patched version and restrict access to vulnerable endpoints at the firewall or reverse proxy level until the patch is deployed.
RuoYi v.4.8.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HRuoyi
APPRuoyi4.8.0
Related vulnerabilities
RuoYi v4.8.2 — nieprawidłowa kontrola dostępu w funkcji aktualizacji
SQL Injection (RCE) w RuoYi v.4.7.9 i wcześniejszych — funkcja createTable
RuoYi 4.8.0 – privilege escalation przez metodę changeStatus
Eskalacja uprawnień przez parametr jobId w RuoYi v.4.8.0
RuoYi 4.8.0 — privilege escalation przez brak walidacji parametru deptId