exploitDog

CVE-2022-21660

Опубликовано: 09 фев. 2022

Источник: nvd

CVSS3: 8.1

CVSS2: 5.5

EPSS Низкий

Описание

Gin-vue-admin is a backstage management system based on vue and gin. In versions prior to 2.4.7 low privilege users are able to modify higher privilege users. Authentication is missing on the setUserInfo function. Users are advised to update as soon as possible. There are no known workarounds.

Ссылки

https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-xxvh-9c87-pqjx
Exploit
Third Party Advisory
https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-xxvh-9c87-pqjx
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gin-vue-admin_project:gin-vue-admin:*:*:*:*:*:*:*:*

Версия до 2.4.6 (включая)

EPSS

Процентиль: 72%

0.00707

Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-862

EPSS

Процентиль: 72%

0.00707

Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-862