Missing authorization in gin-vue-admin

Gin-vue-admin is a backstage management system based on vue and gin. In versions prior to 2.4.7 low privilege users are able to modify higher privilege users. Authentication is missing on the `setUserInfo` function. Users are advised to update as soon as possible. There are no known workarounds.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

授权机制缺失

Gin-Vue-Admin 权限许可和访问控制问题漏洞

Gin-Vue-Admin是一个基于 Vue 和 Gin 开发的全栈前开发基础平台。 gin-vue-admin 存在权限许可和访问控制问题漏洞，该漏洞源于 setUserInfo 函数缺少身份验证，低权限用户可以修改高权限用户。

N/A

N/A