Youlai Boot Privilege Escalation Vulnerability
Vulnerability
A vulnerability in Youlai Boot version 2.21.1 allows attackers to escalate privileges and gain unauthorized access to the Administrator backend. This issue arises from improper access control, as certain interfaces lack necessary authorization checks, enabling regular users to manipulate menu visibility and role statuses arbitrarily.
Impact
Exploitation of this vulnerability could lead to unauthorized changes in role management, allowing users to disable or modify roles without proper authorization.
Reproduction
The vulnerability can be reproduced by logging in as a regular user and accessing the role management interface. Even without the necessary permissions, the user can still modify the status of roles, such as disabling an administrator role, which disrupts access to the administrative interface.
Remediation
It is recommended to update to Youlai Boot version 3.2.0 or later, where this vulnerability has been addressed.
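The class of flaw described above, shown as an added illustration (not Youlai Boot's code or its actual fix): a role-status handler that relies on the client hiding the menu, beside one that enforces the permission on the server. The class, method and permission names (`RoleStatusAuthzDemo`, `updateStatusChecked`, `role:edit`) and the sample roles are hypothetical; it needs Java 16 or later for records.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

// Added illustration; every name here is hypothetical, not Youlai Boot code.
public class RoleStatusAuthzDemo {
    record User(String name, Set<String> perms) {}

    // Constructed sample state: role code -> enabled flag.
    static final Map<String, Boolean> ROLES = new HashMap<>(Map.of("ADMIN", true, "GUEST", true));

    // Flawed pattern: any logged-in caller reaches the state change, because
    // the only "control" is that the client hides the role menu from them.
    static void updateStatusUnchecked(User caller, String role, boolean enabled) {
        ROLES.put(role, enabled);
    }

    // Hardened pattern: the server checks the caller's permission on every
    // call, rejects unknown roles, and records denied attempts for review.
    static void updateStatusChecked(User caller, String role, boolean enabled) {
        if (!caller.perms().contains("role:edit")) {
            System.err.println("DENY role-status change by " + caller.name() + " on " + role);
            throw new SecurityException("missing permission role:edit");
        }
        if (!ROLES.containsKey(role)) {
            throw new IllegalArgumentException("unknown role: " + role);
        }
        ROLES.put(role, enabled);
    }

    public static void main(String[] args) {
        User regular = new User("regular", Set.of());
        User admin = new User("admin", Set.of("role:edit"));

        updateStatusUnchecked(regular, "ADMIN", false);
        System.out.println("unchecked handler, ADMIN enabled: " + ROLES.get("ADMIN"));

        ROLES.put("ADMIN", true); // restore the sample state
        try {
            updateStatusChecked(regular, "ADMIN", false);
        } catch (SecurityException e) {
            System.out.println("checked handler rejected regular user: " + e.getMessage());
        }
        System.out.println("checked handler, ADMIN enabled: " + ROLES.get("ADMIN"));

        updateStatusChecked(admin, "GUEST", false); // authorized caller still works
        System.out.println("checked handler, GUEST enabled: " + ROLES.get("GUEST"));
    }
}
```

The denied-attempt log line in the hardened handler is what a reviewer would search for after upgrading, to see whether low-privilege accounts are still calling role-management interfaces.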
