diff --git a/backend/src/main/java/io/metersphere/controller/UserController.java b/backend/src/main/java/io/metersphere/controller/UserController.java
index 0548ee872f..7b7da40432 100644
--- a/backend/src/main/java/io/metersphere/controller/UserController.java
+++ b/backend/src/main/java/io/metersphere/controller/UserController.java
@@ -168,6 +168,9 @@ public class UserController {
 
     @GetMapping("/info/{userId}")
     public UserDTO getUserInfo(@PathVariable(value = "userId") String userId) {
+        if (!StringUtils.equals(userId, SessionUtils.getUserId())) {
+            MSException.throwException(Translator.get("not_authorized"));
+        }
         return userService.getUserInfo(userId);
     }
 
diff --git a/backend/src/main/java/io/metersphere/xpack b/backend/src/main/java/io/metersphere/xpack
index 9f4a9bbf46..068127ce59 160000
--- a/backend/src/main/java/io/metersphere/xpack
+++ b/backend/src/main/java/io/metersphere/xpack
@@ -1 +1 @@
-Subproject commit 9f4a9bbf46fc1333dbcccea21f83e27e3ec10b1f
+Subproject commit 068127ce59ea8b016434ed52a9de4a7a4b13bdb4
diff --git a/frontend/src/business/components/xpack b/frontend/src/business/components/xpack
index 010ad7a5f0..7d43154a7c 160000
--- a/frontend/src/business/components/xpack
+++ b/frontend/src/business/components/xpack
@@ -1 +1 @@
-Subproject commit 010ad7a5f072a5e9d368c756a2473bbd20781433
+Subproject commit 7d43154a7c19732407a8e9ace8a7d1ea13c91f36