| Titel | JEPaaS v7.2.8 Access Control Check Implemented After Asset is Accessed |
|---|
| Beschreibung | In JEPaaS, the SessionFilter serves as the login validation filter. Due to flaws in the filter, it is possible to bypass it and directly access the interface.
poc: /error/.%2e;/je/rbac/rbac/queryUser |
|---|
| Quelle | ⚠️ https://github.com/c3p0ooo-Yiqiyin/JEPaaS-Access-control-bypass-vulnerability/blob/main/README.md |
|---|
| Benutzer | c3p0ooo_Yiqiyin (UID 44113) |
|---|
| Einreichung | 27.08.2025 11:09 (vor 8 Monaten) |
|---|
| Moderieren | 10.09.2025 21:10 (14 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 323547 [JEPaaS 7.2.8 Filter doFilterInternal erweiterte Rechte] |
|---|
| Punkte | 16 |
|---|