shenyu-admin is vulnerable to privilege escalation. The vulnerability exists in modifyPassword
function in DashboardUserController.java
because it allows a low-permission administrator to modify high-permission administrator passwords which allows the attacker to perform unauthorized actions.
CPE | Name | Operator | Version |
---|---|---|---|
shenyu-admin | le | 2.4.3 | |
shenyu-admin | le | 2.4.3 |