| タイトル | jeecgboot JeecgBoot 3.9.1 Improper Authentication |
|---|
| 説明 | An API request authentication weakness exists in JeecgBoot OpenAPI gateway.
The OpenAPI endpoint /openapi/call/{path} validates requests using a signature computed as:
md5(appKey + secretKey + timestamp)
However, the signature does not include critical request components such as HTTP method, request path, query parameters, or request body. As a result, the integrity of the actual API request is not protected.
Source-level chain:
/openapi/call/{path}
→ ApiAuthFilter.checkSignature()
→ verifies md5(appKey + secretKey + timestamp)
→ request path, method, query and body are not included in signature
→ OpenApiController.call()
→ internal API is invoked with attacker-controlled parameters
Impact:
An attacker who can obtain or reuse a valid signed request within the timestamp validity window may modify the request path, query parameters, or JSON body without invalidating the signature.
This may allow unauthorized manipulation of API requests within the scope of the associated OpenAPI appKey, potentially affecting data integrity or performing unintended actions.
The issue is caused by an incomplete signature design that fails to bind the signature to the actual request semantics. |
|---|
| ソース | ⚠️ https://github.com/jeecgboot/jeecg-boot |
|---|
| ユーザー | feng123123 (UID 95215) |
|---|
| 送信 | 2026年04月26日 07:38 (1 月 ago) |
|---|
| モデレーション | 2026年05月23日 16:12 (27 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 365337 [JeecgBoot 3.9.1 OpenAPI Endpoint /openapi/call/ 弱い認証] |
|---|
| ポイント | 20 |
|---|