[Bug] Hippo4j monitors unauthorized access vulnerabilities #1060

Open
@laoquanshi

UserController in the Tenant Management module of hippo4j. An unauthorized access vulnerability arises from the newly added tenant information AddUser method to perform the current operation of user authentication, which leads to any user being able to access the hippo4j/v1/cs/auth/users/add interface, add a new super administrator to escalate privileges, and further access sensitive information.
Affected version
hippo4j 1.4.3 (Nov 06, 2022)
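
For operators who want to check whether this interface has been called on their own deployment, the following is an added example, not part of the issue or of hippo4j's code. It scans reverse-proxy access logs for successful requests to the path named above; the combined log format, the admin-host allowlist, the path variants it folds together and the sample lines are all assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Path taken from the issue text; everything else in this block is assumed.
SENSITIVE_PATH = "/hippo4j/v1/cs/auth/users/add"

# Common/combined access-log line (assumed reverse-proxy format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalise(target):
    """Reduce a request target to a canonical path so variants compare equal."""
    path = target.split("?", 1)[0].split("#", 1)[0]  # drop query and fragment
    path = re.sub(r";[^/]*", "", path)               # drop ;matrix parameters
    path = unquote(path)                             # decode %xx escapes
    path = re.sub(r"/+", "/", path)                  # collapse repeated slashes
    return posixpath.normpath(path)                  # resolve ./.. and trailing /

def find_user_adds(lines, admin_ips=frozenset()):
    """Return (ip, timestamp, status) for 2xx calls from hosts not in admin_ips."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalise(m["target"]) != SENSITIVE_PATH:
            continue
        status = int(m["status"])
        if 200 <= status < 300 and m["ip"] not in admin_ips:
            hits.append((m["ip"], m["ts"], status))
    return hits

# Constructed sample lines (addresses from documentation ranges).
SAMPLE = [
    '10.0.0.5 - - [06/Nov/2022:10:00:01 +0000] "POST /hippo4j/v1/cs/auth/users/add HTTP/1.1" 200 52',
    '203.0.113.9 - - [06/Nov/2022:10:03:17 +0000] "POST /hippo4j/v1//cs/auth/users/add;x=1?a=b HTTP/1.1" 200 52',
    '203.0.113.9 - - [06/Nov/2022:10:03:20 +0000] "GET /index.html HTTP/1.1" 200 310',
    '198.51.100.7 - - [06/Nov/2022:10:04:02 +0000] "POST /hippo4j/v1/cs/auth/users/%61dd HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for ip, ts, status in find_user_adds(SAMPLE, admin_ips={"10.0.0.5"}):
        print(f"review: {ip} reached {SENSITIVE_PATH} at {ts} (HTTP {status})")
```

Each hit should be compared against the accounts that exist on the server, since a successful call from an unexpected host may correspond to an administrator account nobody intended to create.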