| Title | JEPaaS v7.2.8 Access Control Check Implemented After Asset is Accessed |
|---|
| Description | In JEPaaS, the SessionFilter serves as the login validation filter. Due to flaws in the filter, it is possible to bypass it and directly access the interface.
poc: /error/.%2e;/je/rbac/rbac/queryUser |
|---|
| Source | ⚠️ https://github.com/c3p0ooo-Yiqiyin/JEPaaS-Access-control-bypass-vulnerability/blob/main/README.md |
|---|
| User | c3p0ooo_Yiqiyin (UID 44113) |
|---|
| Submission | 08/27/2025 11:09 (7 months ago) |
|---|
| Moderation | 09/10/2025 21:10 (14 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 323547 [JEPaaS 7.2.8 Filter doFilterInternal access control] |
|---|
| Points | 16 |
|---|