Submeter #754429: warehouse latest(git commit aaf29962ba407d22d991781de28796ee7b4670e4) Improper Access Controlsinformação

Títulowarehouse latest(git commit aaf29962ba407d22d991781de28796ee7b4670e4) Improper Access Controls
DescriçãoCustomer, provider, and goods CRUD endpoints do not enforce permissions(add/delate/update). Any logged-in user can alter or delete core business data, resulting in integrity loss, fraudulent records, and potential operational disruption. Proper role-based access control should be enforced for each action, with validation of ownership where applicable.
Fonte⚠️ https://github.com/yeqifu/warehouse/issues/61
Utilizador
 AliceS614 (UID 94277)
Submissão09/02/2026 05h55 (há 5 meses)
Moderação20/02/2026 10h01 (11 days later)
EstadoAceite
Entrada VulDB347086 [yeqifu warehouse até aaf29962ba407d22d991781de28796ee7b4670e4 Customer Endpoint CustomerController.java addCustomer/updateCustomer/deleteCustomer Elevação de Privilégios]
Pontos18

Do you want to use VulDB in your project?

Use the official API to access entries easily!