Description
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module.
Remediation
References
https://github.com/opengoofy/hippo4j/issues/1061
Related Vulnerabilities
CVE-2022-41249 Vulnerability in maven package com.meowlomo.jenkins:scm-httpclient
CVE-2022-25646 Vulnerability in npm package x-data-spreadsheet
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http-core_2.13
CVE-2020-11111 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind