CVE-2023-1784 - OpenCVE

A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224699.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Jeecg	Jeecg Boot

Configuration 1 [-]

cpe:2.3:a:jeecg:jeecg_boot:3.5.0:*:*:*:*:*:*:*

References

Link	Resource
https://note.youdao.com/ynoteshare/index.html?id=7eb8fc804ea3544d8add43749a09173e	Broken Link
https://vuldb.com/?ctiid.224699	Permissions Required Third Party Advisory
https://vuldb.com/?id.224699	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: VulDB

Published: 2023-03-31T20:00:05.366Z

Updated: 2023-10-21T14:23:22.793Z

Reserved: 2023-03-31T19:37:13.606Z

Link: CVE-2023-1784

JSON object: View

NVD Information

Status : Modified

Published: 2023-03-31T20:15:07.277

Modified: 2024-05-17T02:18:26.520

Link: CVE-2023-1784

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-1784", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-03-31T19:37:13.606Z", "datePublished": "2023-03-31T20:00:05.366Z", "dateUpdated": "2023-10-21T14:23:22.793Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-21T14:23:22.793Z"}, "title": "jeecg-boot API Documentation improper authentication", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-287", "lang": "en", "description": "CWE-287 Improper Authentication"}]}], "affected": [{"vendor": "n/a", "product": "jeecg-boot", "versions": [{"version": "3.5.0", "status": "affected"}], "modules": ["API Documentation"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224699."}, {"lang": "de", "value": "Eine kritische Schwachstelle wurde in jeecg-boot 3.5.0 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Komponente API Documentation. Mit der Manipulation mit unbekannten Daten kann eine improper authentication-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "timeline": [{"time": "2023-03-31T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-03-31T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-03-31T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-04-21T09:40:40.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "t1nk3rl94e (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.224699", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.224699", "tags": ["signature", "permissions-required"]}, {"url": "https://note.youdao.com/ynoteshare/index.html?id=7eb8fc804ea3544d8add43749a09173e", "tags": ["exploit"]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jeecg:jeecg_boot:3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "FEDFF952-7B1F-44EB-98BA-265CB22D6FB3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224699."}], "id": "CVE-2023-1784", "lastModified": "2024-05-17T02:18:26.520", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2023-03-31T20:15:07.277", "references": [{"source": "cna@vuldb.com", "tags": ["Broken Link"], "url": "https://note.youdao.com/ynoteshare/index.html?id=7eb8fc804ea3544d8add43749a09173e"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.224699"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.224699"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "cna@vuldb.com", "type": "Secondary"}]}