CVE-2022-21660

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-21660

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-21660.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-21660

Aliases

GHSA-xxvh-9c87-pqjx

Published

2022-02-09T19:55:09Z

Modified

2025-11-28T03:17:35.314316Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

Missing authorization in gin-vue-admin

Details

Gin-vue-admin is a backstage management system based on vue and gin. In versions prior to 2.4.7 low privilege users are able to modify higher privilege users. Authentication is missing on the setUserInfo function. Users are advised to update as soon as possible. There are no known workarounds.

Database specific

{
    "cwe_ids": [
        "CWE-862"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/21xxx/CVE-2022-21660.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/flipped-aurora/gin-vue-admin

Affected ranges

Type: GIT
Repo: https://github.com/flipped-aurora/gin-vue-admin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

382ae1f5ec66e784afbaeea8c960944e38e76a5b

Affected versions

V2.*

V2.3.1

V2.3.7

V2.4.4

v.*

v.2.3.41

v0.*

v0.9.0

v2.*

v2.0.0

v2.0.2

v2.0.3

v2.0.4

v2.1.0

v2.2.0

v2.3.0

v2.3.3

v2.3.31

v2.3.4

v2.3.5

v2.3.6

v2.3.8

v2.3.9

v2.4.0

v2.4.1

v2.4.2

v2.4.3

v2.4.4

v2.4.4-1

v2.4.5

v2.4.5Beta

v2.4.5RC

v2.4.6

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-21660.json"