| タイトル | YunaiV yudao-cloud yudao-cloud up to 2026.01 Authentication Bypass by Primary Weakness |
|---|
| 説明 | A critical authentication bypass vulnerability exists in Ruoyi-Vue-Pro JwtAuthenticationTokenFilter.java. The vulnerability allows unauthenticated attackers to bypass the authentication system and impersonate any user by using a special "Mock Token" header, potentially leading to full system compromise.
The doFilterInternal method checks for a mock-token header and directly extracts the user ID without any environment validation or authentication, allowing attackers to forge any user identity. |
|---|
| ソース | ⚠️ https://github.com/9str0IL/CVE/issues/5 |
|---|
| ユーザー | 9str0il (UID 97218) |
|---|
| 送信 | 2026年04月16日 15:22 (2 月 ago) |
|---|
| モデレーション | 2026年05月03日 09:38 (17 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 360886 [YunaiV yudao-cloud 迄 3.8.0 Ruoyi-Vue-Pro JwtAuthenticationTokenFilter.java doFilterInternal mock-token 弱い認証] |
|---|
| ポイント | 20 |
|---|