Description
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module.
Remediation
References
https://github.com/opengoofy/hippo4j/issues/1061
Related Vulnerabilities
CVE-2019-20444 Vulnerability in maven package io.netty:netty-all
CVE-2022-22885 Vulnerability in maven package cn.hutool:hutool-http
CVE-2011-4367 Vulnerability in maven package org.apache.myfaces.core:myfaces-impl
CVE-2022-24697 Vulnerability in maven package org.apache.kylin:kylin-spark-engine
CVE-2020-7660 Vulnerability in maven package org.webjars.npm:serialize-javascript