Enviar #745508: yeqifu warehouse latest(git commit aaf29962ba407d22d991781de28796ee7b4670e4) Iminformación

Títuloyeqifu warehouse latest(git commit aaf29962ba407d22d991781de28796ee7b4670e4) Im
DescripciónRoleController.saveRolePermission modifies role permissions without authorization checks. Any logged-in user can expand permissions for any role, which effectively breaks the authorization model. Attackers can grant themselves high-risk permissions (e.g., user/role/permission management), leading to persistent privilege escalation and broad access to sensitive data and actions.
Fuente⚠️ https://github.com/yeqifu/warehouse/issues/52
Usuario
 AliceS614 (UID 94277)
Sumisión2026-01-23 10:44 (hace 5 meses)
Moderación2026-02-06 08:50 (14 days later)
EstadoAceptado
Entrada de VulDB344641 [yeqifu warehouse hasta aaf29962ba407d22d991781de28796ee7b4670e4 Role-Permission Binding RoleController.java saveRolePermission escalada de privilegios]
Puntos19

AnteriorVisión De ConjuntoPróximo

Want to know what is going to be exploited?

We predict KEV entries!