CVE-2022-21660

Missing authorization in gin-vue-admin

  • Severity Score: 8.1 (CVSS v3.1)
  • Public Exploits: 3 (multiple sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Gin-vue-admin is a backstage management system based on Vue and Gin. In versions prior to 2.4.7, low-privilege users are able to modify higher-privilege users. Authentication is missing on the `setUserInfo` function. Users are advised to update as soon as possible. There are no known workarounds.

*Credits: N/A
CVSS Scores

CVSS v3.1
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: None

CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: Single
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: None

* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-11-16 CVE Reserved
  • 2022-01-10 First Exploit
  • 2022-02-09 CVE Published
  • 2023-09-02 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-862: Missing Authorization
CAPEC
Affected Vendors, Products, and Versions

| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Gin-vue-admin Project | Gin-vue-admin | <= 2.4.6 | - | Affected |