shenyu-admin is vulnerable to privilege escalation. The vulnerability exists in modifyPassword
function in DashboardUserController.java
because it allows a low-permission administrator to modify high-permission administrator passwords which allows the attacker to perform unauthorized actions.