Unrated severityNVD Advisory· Published Feb 9, 2022· Updated Apr 22, 2025
Missing authorization in gin-vue-admin
CVE-2022-21660
Description
Gin-vue-admin is a backstage management system based on vue and gin. In versions prior to 2.4.7 low privilege users are able to modify higher privilege users. Authentication is missing on the setUserInfo function. Users are advised to update as soon as possible. There are no known workarounds.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<2.4.7+ 1 more
- (no CPE)range: <2.4.7
- (no CPE)range: < 2.4.7
Patches
Vulnerability mechanics
References
1- github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-xxvh-9c87-pqjxmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.