CVE 2022-40036
An issue was discovered in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component.
See the
CVE page on Mitre.org
for more details.