关键漏洞信息 Title: yeqifu warehouse latest(git commit aaf29962ba407d22d991781de28796ee7b4670e4) Improper Access Controls Description: Role create/update/delete endpoints are exposed to any authenticated user. Attackers can delete critical roles, create new privileged roles, or modify existing roles to alter access control for multiple users. This enables broad privilege escalation and operational disruption. Source: https://github.com/yeqifu/warehouse/issues/54 User: AliceS614 (UID 94277) Submission Date: 01/23/2026 10:45 AM Moderation Date: 02/06/2026 08:57 AM Status: Accepted VulDB Entry: 344643 [yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4 Role Management RoleController.java addRole/updateRole/deleteRole improper authorization] Points: 17