Submit #642413: JEPaaS v7.2.8 Access Control Check Implemented After Asset is Accessed

Info

Title: JEPaaS v7.2.8 Access Control Check Implemented After Asset is Accessed
Description: In JEPaaS, the SessionFilter serves as the login validation filter. Due to flaws in the filter, it is possible to bypass it and directly access the interface. PoC: /error/.%2e;/je/rbac/rbac/queryUser
Source: ⚠️ https://github.com/c3p0ooo-Yiqiyin/JEPaaS-Access-control-bypass-vulnerability/blob/main/README.md
User: c3p0ooo_Yiqiyin (UID 44113)
Submission: 27/08/2025 11:09 AM (8 months ago)
Moderation: 10/09/2025 09:10 PM (14 days later)
Status: Accepted
VulDB Entry: 323547 [JEPaaS 7.2.8 Filter doFilterInternal privilege escalation]
Points: 16
