| タイトル | jeecgboot JeecgBoot <= v3.9.1 SSRF |
|---|
| 説明 | A second-order Server-Side Request Forgery (SSRF) vulnerability exists in the OpenApi service of jeecgboot_JeecgBoot. The /openapi/add endpoint lacks proper authorization (missing @RequiresPermissions) and input validation, allowing any authenticated user to inject malicious URLs into the originUrl database field. When the /openapi/call/{path} endpoint is subsequently invoked, the application retrieves the unvalidated URL and makes an outbound HTTP request using restTemplate.exchange(). This allows attackers to bypass network segmentation, scan internal network services, and exfiltrate sensitive cloud metadata or local credentials. |
|---|
| ソース | ⚠️ https://github.com/jeecgboot/JeecgBoot/issues/9554 |
|---|
| ユーザー | Ana10gy (UID 93358) |
|---|
| 送信 | 2026年04月15日 17:16 (2 月 ago) |
|---|
| モデレーション | 2026年05月01日 13:58 (16 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 360561 [JeecgBoot 迄 3.9.1 OpenApi Service OpenApiController.java OpenApiController.add/OpenApiController.call originUrl database 特権昇格] |
|---|
| ポイント | 20 |
|---|