RuoYi Access Control Vulnerability in Department Data Management

Vulnerability

An access control vulnerability has been identified in RuoYi version 4.8.2, specifically within the 'selectDept' function. This vulnerability allows unauthorized users to access sensitive department data without proper permission checks. Unlike other interfaces that manage department information and utilize the Shiro framework's permission annotations to enforce access controls, the affected function lacks these essential safeguards.
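
One way to audit a code base for the gap described above, as an added example (not code from RuoYi or from this advisory): a Python check that flags Spring MVC handler methods carrying no Shiro @RequiresPermissions or @RequiresRoles annotation. The Java sample, its paths and its permission string are constructed for illustration, and the check assumes each annotation sits on a single line above the method it applies to.

```python
import re

# Spring MVC annotations that expose a controller method as an HTTP endpoint.
MAPPING = re.compile(r"@(?:Get|Post|Put|Delete|Patch|Request)Mapping\b")
# Shiro annotations that enforce an authorization decision on the method.
GUARD = re.compile(r"@Requires(?:Permissions|Roles)\b")
# A public method declaration; group 1 is the method name.
METHOD = re.compile(r"^\s*public\s+[\w<>\[\],.? ]+?\s+(\w+)\s*\(")

def unguarded_handlers(java_source):
    """Return names of mapped handler methods that have no Shiro guard."""
    findings, annotations = [], []
    for line in java_source.splitlines():
        stripped = line.strip()
        if stripped.startswith(("//", "/*", "*")):
            continue  # comments between annotations and method are ignored
        if stripped.startswith("@"):
            annotations.append(stripped)
            continue
        m = METHOD.match(line)
        if m and any(MAPPING.search(a) for a in annotations) \
                and not any(GUARD.search(a) for a in annotations):
            findings.append(m.group(1))
        if stripped:
            annotations = []  # any other code line ends the annotation run
    return findings

# Constructed sample controller (not RuoYi's actual source).
SAMPLE = '''
@Controller
@RequestMapping("/demo/dept")
public class DemoDeptController {

    @RequiresPermissions("demo:dept:list")
    @PostMapping("/list")
    @ResponseBody
    public List<Dept> list(Dept dept) {
        return deptService.selectDeptList(dept);
    }

    // Mapped endpoint with no permission annotation: should be reported.
    @GetMapping("/selectDept")
    public String selectDept(ModelMap mmap) {
        return "demo/dept/tree";
    }
}
'''

if __name__ == "__main__":
    print(unguarded_handlers(SAMPLE))
```

A flagged method is a review candidate rather than a confirmed finding, since some endpoints are intentionally public or protected by URL filter rules instead.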

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive department information.

Reproduction

The vulnerability can be reproduced by accessing the 'selectDept' function without the necessary permissions. This can be done through the department management interface, which is part of the RuoYi application.

Added: Jan 23, 2026, 7:19 PM
Updated: Jan 23, 2026, 8:21 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 0.6
exploitability: 9.5
remediation: 7.7
relevance: 2.3
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.