| 标题 | jeecgboot JeecgBoot 3.9.1 Improper Authentication |
|---|
| 描述 | An API request authentication weakness exists in JeecgBoot OpenAPI gateway.
The OpenAPI endpoint /openapi/call/{path} validates requests using a signature computed as:
md5(appKey + secretKey + timestamp)
However, the signature does not include critical request components such as HTTP method, request path, query parameters, or request body. As a result, the integrity of the actual API request is not protected.
Source-level chain:
/openapi/call/{path}
→ ApiAuthFilter.checkSignature()
→ verifies md5(appKey + secretKey + timestamp)
→ request path, method, query and body are not included in signature
→ OpenApiController.call()
→ internal API is invoked with attacker-controlled parameters
Impact:
An attacker who can obtain or reuse a valid signed request within the timestamp validity window may modify the request path, query parameters, or JSON body without invalidating the signature.
This may allow unauthorized manipulation of API requests within the scope of the associated OpenAPI appKey, potentially affecting data integrity or performing unintended actions.
The issue is caused by an incomplete signature design that fails to bind the signature to the actual request semantics. |
|---|
| 来源 | ⚠️ https://github.com/jeecgboot/jeecg-boot |
|---|
| 用户 | feng123123 (UID 95215) |
|---|
| 提交 | 2026-04-26 07時38分 (1 月前) |
|---|
| 管理 | 2026-05-23 16時12分 (27 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 365337 [JeecgBoot 3.9.1 OpenAPI Endpoint /openapi/call/ 弱身份验证] |
|---|
| 积分 | 20 |
|---|