PT-2022-15015 · Unknown · Gin-Vue-Admin

Uzju · Published 2022-02-09 · Updated 2022-02-15 · CVE-2022-21660

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Gin-vue-admin versions prior to 2.4.7

Description

The issue affects Gin-vue-admin, a backstage management system based on vue and gin, where low privilege users can modify higher privilege users due to missing authentication on the setUserInfo function. Users are advised to update as soon as possible. There are no known workarounds.

Recommendations

For versions prior to 2.4.7, update to version 2.4.7 or later as soon as possible to resolve the issue. As a temporary workaround, consider disabling the setUserInfo function until a patch is available.

Exploit

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2022-21660
GHSA-XXVH-9C87-PQJX

Affected Products

Gin-Vue-Admin