| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jeecgframework.boot:jeecg-boot-base | maven | <= 2.4.5 | |

The vulnerability is explicitly tied to the `/sys/user/querySysUser` API endpoint, which maps to a controller method in Spring Boot applications. The CWE-732 classification indicates improper permission assignment, suggesting the endpoint's handler function lacks required security annotations (e.g., `@PreAuthorize`) to enforce access controls. This allows unauthorized users to exploit the endpoint for privilege escalation and data exposure. The high confidence stems from the direct correlation between the documented attack vector and standard Spring Boot controller patterns.