| 标题 | eladmin 2.7 Improper Access Controls |
|---|
| 描述 | The PUT /api/roles endpoint in eladmin v2.7 contains a critical authorization bypass vulnerability where attackers caneither demote high-privileged admin roles or escalate data access permissions by exploiting insufficient validationin the getLevels() method, which only checks if the submitted level value is greater than or equal to the user'scurrent level without verifying the target role's original permissions, allowing lower-privileged users (e.g.,level=3) to modify higher-privileged roles (e.g., level=1) by submitting a request with a level matching their own,while completely omitting the level field bypasses all checks and lets attackers arbitrarily modify the dataScopefield to "全部" (all data access) or other values, effectively enabling privilege escalation, unauthorized roledemotion, and global data access through direct manipulation of these unprotected parameters. |
|---|
| 来源 | ⚠️ https://github.com/elunez/eladmin/issues/898 |
|---|
| 用户 | AliceS614 (UID 94277) |
|---|
| 提交 | 2026-04-24 16時24分 (3 月前) |
|---|
| 管理 | 2026-05-23 08時31分 (29 days later) |
|---|
| 状态 | 重复 |
|---|
| VulDB条目 | 361917 [eladmin 直到 2.7 Users API Endpoint UserController.java checkLevel 权限提升] |
|---|
| 积分 | 0 |
|---|