Description
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin.
Remediation
References
https://github.com/jeecgboot/jeecg-boot/issues/2794
Related Vulnerabilities
CVE-2017-7676 Vulnerability in maven package org.apache.ranger:ranger
CVE-2018-13863 Vulnerability in maven package org.webjars.npm:bson
CVE-2017-5643 Vulnerability in maven package org.apache.camel:camel-core
CVE-2015-7940 Vulnerability in maven package org.bouncycastle:bcprov-jdk15
CVE-2018-20676 Vulnerability in maven package org.webjars.bowergithub.twbs:bootstrap