Youlai Boot Improper Access Control Vulnerability in User Data Retrieval Function

Vulnerability

A vulnerability exists in Youlai Boot versions from 2.21.1 up to, but not including, 3.2.0, allowing users to access sensitive information of other users because of incorrect access control in the 'getUserFormData' function. The function performs no permission check on the requested user ID, so an authenticated user can retrieve another user's data simply by supplying that user's ID.

Impact

Exploitation of this vulnerability allows unauthorized access to other users' sensitive information.

Reproduction

The vulnerability can be reproduced by logging in as a user with limited access rights and calling the 'getUserForm' API endpoint. Changing the user ID parameter returns the form data of other users, since no authorization check is performed on the requested ID.

Remediation

It is recommended to implement proper authorization checks in the 'getUserFormData' function, so that the requested user ID is compared against the authenticated caller and users can only access their own information.
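As an added illustration (not Youlai Boot's own code), a hypothetical Spring MVC controller contrasts a handler that trusts the caller-supplied ID with one that enforces the ownership check the remediation calls for; the `UserService`, `UserForm` and `AppUser` types, the route and the `ROLE_ADMIN` authority are assumptions.

```java
// Added example, not taken from Youlai Boot. Supporting types are assumed.
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class UserFormController {

    // Hypothetical types standing in for the project's own user model.
    public record UserForm(Long id, String email, String phone) {}
    public record AppUser(Long id, String username) {}
    public interface UserService { UserForm getUserFormData(Long userId); }

    private final UserService userService;

    public UserFormController(UserService userService) { this.userService = userService; }

    // BEFORE: the caller-supplied id is passed straight to the service, so any
    // authenticated user can read any other user's form data (the defect above).
    @GetMapping("/api/v1/users/{userId}/form/unchecked")
    public ResponseEntity<UserForm> getUserFormDataUnchecked(@PathVariable Long userId) {
        return ResponseEntity.ok(userService.getUserFormData(userId));
    }

    // AFTER: the requested id must match the authenticated principal unless the
    // caller holds an administrative authority. The check runs on every request,
    // before any data is loaded. (Spring's @PreAuthorize could express the same rule.)
    @GetMapping("/api/v1/users/{userId}/form")
    public ResponseEntity<UserForm> getUserFormData(@PathVariable Long userId) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !(auth.getPrincipal() instanceof AppUser caller)) {
            throw new AccessDeniedException("not authenticated");
        }
        boolean isAdmin = auth.getAuthorities().stream()
                .anyMatch(a -> "ROLE_ADMIN".equals(a.getAuthority()));
        if (!isAdmin && !userId.equals(caller.id())) {
            // Deny explicitly rather than silently substituting the caller's own id,
            // so the attempt is visible in access logs and audit trails.
            throw new AccessDeniedException("cannot read another user's form data");
        }
        return ResponseEntity.ok(userService.getUserFormData(userId));
    }
}
```

The same comparison belongs in any other handler that accepts a user ID as input, since fixing a single endpoint leaves sibling endpoints with the same pattern exposed.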

Added: Nov 26, 2025, 6:21 PM
Updated: Nov 26, 2025, 6:21 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 1.1
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to produce these 8 vulnerability categories, which are then combined into the overall risk score.