CVE-2021-37304: [security issue] The jeecg-boot version is less than or equal to 2.4.5 httptrace interface has unauthorized access and leaks sensitive information such as user cookies · Issue #2793 · jeecgboot/jeec

An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface.


Version number:

2.4.5

Problem description:

Unauthorized access to the httptrace interface reveals sensitive information such as user cookies

Screenshots & code:

API interface:
http://Ip:8080/jeecg-boot/actuator/httptrace/
This interface does not require any login permissions.
[Screenshot: local demo]

Many jeecg-boot frameworks have such vulnerabilities, such as

The leaked information includes client IP, browser User-Agent, cookie, token, etc.

Friendly reminder: posts that do not follow the required format will be deleted outright.
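The `/actuator/httptrace` path in the report is the Spring Boot Actuator HTTP trace endpoint, which records recent requests and responses, including request headers such as `Cookie` and any token header, in memory. The following `application.yml` fragment is an added illustration, not jeecg-boot's own configuration and not taken from the issue: it shows the kind of exposure setting that makes every actuator endpoint reachable over HTTP, followed by a hardened configuration for a generic Spring Boot 2.x application. The property names are standard Spring Boot management properties; the exact file jeecg-boot ships and the settings it used are an assumption here.

```yaml
# --- Weak configuration (assumed; illustrative only) ---
# Exposing every actuator endpoint over the web, with no authentication in
# front of the management path, publishes httptrace to anyone who can reach
# port 8080. The endpoint answers with recent requests and their headers.
management:
  endpoints:
    web:
      exposure:
        include: "*"

---
# --- Hardened configuration ---
management:
  # Turn off request tracing entirely unless it is genuinely needed; without
  # it no Cookie/Authorization headers are buffered in memory at all.
  trace:
    http:
      enabled: false
  endpoint:
    httptrace:
      enabled: false
  endpoints:
    # Opt-in model: nothing is enabled unless listed explicitly below.
    enabled-by-default: false
    web:
      exposure:
        # Expose only what a load balancer or monitor actually needs.
        include: "health"
        exclude: "httptrace,env,heapdump,beans"
      # Move the management path off the application's public prefix so
      # edge rules (reverse proxy allow-lists) can treat it separately.
      base-path: /internal-manage
  # Serve management endpoints on a separate port that is not forwarded
  # through the public ingress. Review this against your deployment topology.
  server:
    port: 9090
```

Two points worth noting for operators. First, since Spring Boot 2.2 the `httptrace` endpoint is only active when an `HttpTraceRepository` bean exists, so on newer versions an exposed endpoint usually indicates that someone deliberately registered `InMemoryHttpTraceRepository`; that registration is the thing to audit. Second, property changes only limit exposure; whatever remains exposed (here `health`) should still sit behind the application's normal authentication filter or a network allow-list, because the advisory's root cause is that the management path bypassed login altogether.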

Related news

GHSA-rwhw-6c6r-2823: Insecure Permissions issue in jeecg-boot

An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface.
