Skip to main content

Ruoyi CVE-2024-29400

HIGH
Information Exposure (CWE-200)
2024-04-12 cve@mitre.org
7.5
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 12, 2024 - 07:15 cve.org
HIGH 7.5

DescriptionCVE.org

An issue was discovered in RuoYi v4.5.1, allows attackers to obtain sensitive information via the status parameter.

AnalysisAI

An issue was discovered in RuoYi v4.5.1, allows attackers to obtain sensitive information via the status parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. An issue was discovered in RuoYi v4.5.1, allows attackers to obtain sensitive information via the status parameter. Affected products include: Ruoyi.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

More in Ruoyi

View all
CVE-2025-28412 CRITICAL POC
9.8 Apr 07

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave method in SysNoticeControlle

CVE-2025-28410 CRITICAL POC
9.8 Apr 07

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method does not prop

CVE-2025-28406 CRITICAL POC
9.8 Apr 07

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter. Rated critical sev

CVE-2025-28405 CRITICAL POC
9.8 Apr 07

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method. Rated critical se

CVE-2025-28402 CRITICAL POC
9.8 Apr 07

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter. Rated critical severi

CVE-2023-49371 CRITICAL POC
9.8 Dec 01

RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit. Rated critical severity

CVE-2022-4566 CRITICAL POC
9.8 Dec 16

A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. Rated critical severity (CVS

CVE-2025-70985 CRITICAL POC
9.1 Jan 23

RuoYi v4.8.2 has an access control flaw in the update function allowing unauthorized attackers to modify arbitrary data

CVE-2025-28409 HIGH POC
8.8 Apr 07

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/{parentId} endp

CVE-2025-28407 HIGH POC
8.8 Apr 07

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endp

CVE-2025-56396 HIGH POC
8.8 Nov 26

An issue was discovered in Ruoyi 4.8.1 allowing attackers to gain escalated privileges due to the owning department havi

CVE-2022-23868 HIGH POC
7.8 Mar 30

RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file. Rated high s

Share

CVE-2024-29400 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy