CNNVD-202511-2870 Information

CNNVD ID

CNNVD-202511-2870

Related CVE

CVE-2025-55471

• CNNVD Published: 2025-11-26

Description (Chinese)

youlai-boot是中国youlaiorg开源的一个权限管理系统。 youlai-boot v2.21.1版本存在安全漏洞，该漏洞源于getUserFormData函数访问控制不当，可能导致信息泄露。

Description (English)

Youlai-boot is a rights management system for the open source of youlaiorg in China. There is a security loophole in version youlai-boot v2.21.1, which stems from inappropriate access controls in the GetUserFormData function, which may lead to the disclosure of information.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

youlaiorg

Published

2025-11-26

Last Modified

2026-02-24

References

https://gitee.com/youlaiorg/youlai-boot https://gist.github.com/old6ma/08d83e5aa7d47e7ff18b23337ccd1f1d https://gitee.com/youlaiorg/youlai-boot/issues/ICFBW8 https://access.redhat.com/security/cve/cve-2025-55471

Patch

https://gitee.com/youlaiorg/youlai-boot/releases