| Title | jeecgboot JeecgBoot 3.9.1 Improper Authentication |
|---|---|
| Description | An API request authentication weakness exists in the JeecgBoot OpenAPI gateway.
The OpenAPI endpoint /openapi/call/{path} validates requests using a signature computed as:
md5(appKey + secretKey + timestamp)
The signature does not cover the request itself: the HTTP method, request path, query parameters and request body are all left out of the hash. As a result, the integrity of the actual API request is not protected; a valid signature only shows that the sender knew the appKey/secretKey pair and a timestamp, not what was sent.
Source-level chain:
/openapi/call/{path}
→ ApiAuthFilter.checkSignature()
→ verifies md5(appKey + secretKey + timestamp)
→ request path, method, query and body are not included in the signature
→ OpenApiController.call()
→ internal API is invoked with attacker-controlled parameters
Impact:
An attacker who obtains or replays a valid signed request within the timestamp validity window may change the request path, query parameters or JSON body without invalidating the signature.
This may allow unauthorized manipulation of API requests within the scope of the associated OpenAPI appKey, potentially affecting data integrity or performing unintended actions.
The root cause is an incomplete signature design that fails to bind the signature to the actual request semantics. |
| Source | ⚠️ https://github.com/jeecgboot/jeecg-boot |
| User | feng123123 (UID 95215) |
| Submitted | 26/04/2026 07:38 AM (1 month ago) |
| Moderation | 23/05/2026 04:12 PM (27 days later) |
| Status | Approved |
| VulDB Entry | 365337 [JeecgBoot 3.9.1 OpenAPI Endpoint /openapi/call/ Weak Authentication] |
| Points | 20 |
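The weakness described in the entry, as an added Python example that is not JeecgBoot's own code: the first verifier mirrors the md5(appKey + secretKey + timestamp) check and accepts a tampered request carrying a signature copied from a legitimate one; the second is a hardened alternative suggested here (not the project's fix) that binds an HMAC to method, path, sorted query and a body hash, plus a timestamp window. The credentials, paths, bodies and the `/sys/user/...` targets are constructed sample values, and every function name is this example's own.

```python
import hashlib
import hmac
from urllib.parse import urlencode

# Constructed sample credentials for the demo; not real JeecgBoot values.
APP_KEY = "demo-app-key"
SECRET_KEY = "demo-secret-key"
TIMESTAMP = "1700000000000"  # epoch milliseconds, sent as a string


def weak_signature(app_key: str, secret_key: str, timestamp: str) -> str:
    """The scheme the entry describes: md5(appKey + secretKey + timestamp).
    No part of the HTTP request enters the hash."""
    return hashlib.md5((app_key + secret_key + timestamp).encode()).hexdigest()


def weak_verify(app_key, secret_key, timestamp, method, path, query, body, presented) -> bool:
    """Mirrors the check in the entry: the request parts are received but never
    used, so any method/path/query/body passes with the same signature."""
    return hmac.compare_digest(weak_signature(app_key, secret_key, timestamp), presented)


def canonical_request(method: str, path: str, query: dict, body: bytes) -> bytes:
    """Fixed serialisation of the parts that must be protected so client and
    server hash identical bytes: upper-cased method, path, query pairs sorted
    by name, and a SHA-256 of the body instead of the raw body."""
    lines = [method.upper(), path, urlencode(sorted(query.items())),
             hashlib.sha256(body).hexdigest()]
    return "\n".join(lines).encode()


def bound_signature(app_key, secret_key, timestamp, method, path, query, body) -> str:
    """Hardened alternative (this example's suggestion): HMAC-SHA256 keyed with
    secretKey over appKey, timestamp and the canonical request, so changing
    any of method, path, query or body changes the MAC."""
    msg = b"\n".join([app_key.encode(), timestamp.encode(),
                      canonical_request(method, path, query, body)])
    return hmac.new(secret_key.encode(), msg, hashlib.sha256).hexdigest()


def verify_bound(app_key, secret_key, timestamp, method, path, query, body,
                 presented, now_ms, window_ms=5 * 60 * 1000) -> bool:
    """Server side: reject timestamps outside the window, then compare the
    recomputed MAC in constant time."""
    try:
        ts = int(timestamp)
    except ValueError:
        return False
    if abs(now_ms - ts) > window_ms:
        return False
    expected = bound_signature(app_key, secret_key, timestamp, method, path, query, body)
    return hmac.compare_digest(expected, presented)


# Constructed requests: what the legitimate client signed, and a tampered copy
# that keeps appKey and timestamp but changes path, query and body.
ORIGINAL = ("POST", "/sys/user/list", {"pageNo": "1"}, b'{"status":"active"}')
TAMPERED = ("POST", "/sys/user/delete", {"id": "42"}, b'{}')


def demo(now_ms: int = 1700000000000 + 1000) -> dict:
    """Runs both verifiers against the original and tampered requests."""
    weak_sig = weak_signature(APP_KEY, SECRET_KEY, TIMESTAMP)
    bound_sig = bound_signature(APP_KEY, SECRET_KEY, TIMESTAMP, *ORIGINAL)
    return {
        "weak_accepts_original": weak_verify(APP_KEY, SECRET_KEY, TIMESTAMP, *ORIGINAL, weak_sig),
        "weak_accepts_tampered": weak_verify(APP_KEY, SECRET_KEY, TIMESTAMP, *TAMPERED, weak_sig),
        "bound_accepts_original": verify_bound(APP_KEY, SECRET_KEY, TIMESTAMP, *ORIGINAL, bound_sig, now_ms),
        "bound_accepts_tampered": verify_bound(APP_KEY, SECRET_KEY, TIMESTAMP, *TAMPERED, bound_sig, now_ms),
        # Same valid MAC presented six minutes later: outside the five-minute window.
        "bound_accepts_expired": verify_bound(APP_KEY, SECRET_KEY, TIMESTAMP, *ORIGINAL, bound_sig,
                                              now_ms + 6 * 60 * 1000),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```

The binding fixes only what the entry names: a request-independent hash. Even with the bound MAC, an unchanged request can still be replayed inside the timestamp window, so a server-side nonce cache keyed on (appKey, timestamp, nonce) is needed to close that separately.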