CVE-2023-38989

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jul 31, 2023

Updated: Aug 4, 2023

CWE ID 862

Summary

CVE-2023-38989 is a vulnerability affecting jeesite v1.2.6. In this version, the delete function in the UserController class contains a flaw that allows authenticated attackers to delete the Administrator's role information arbitrarily. This issue can lead to significant security implications, as the attacker could potentially gain unauthorized administrative access to the system. This vulnerability underscores the importance of regular software updates and strong access control measures to mitigate potential threats.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sG6Ggn
https://www.cve.org/CVERecord?id=CVE-2023-38989
https://nvd.nist.gov/vuln/detail/CVE-2023-38989

Back to Vulnerability Database

CVE-2023-38989

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations