Jantent Authentication Bypass Vulnerability Allowing Access to Sensitive APIs
Vulnerability
An authentication bypass vulnerability has been identified in Jantent version 1.1. It allows an unauthenticated attacker to reach sensitive APIs under the '/admin/' path without a valid token. The flaw is improper access control in the 'springboot.interceptor.BaseInterceptor' class: its 'preHandle' method does not correctly validate the request path, so a crafted request URI sidesteps the authentication check and reaches admin functionality such as article deletion.
Impact
Exploitation of this vulnerability grants unauthorized access to the admin APIs without any credentials. An attacker can perform actions reserved for an administrator, such as deleting content.
Reproduction
To reproduce this vulnerability, first send a request to the '/admin/article/delete' endpoint without an authentication token. The server redirects to the login page, confirming that the literal path is protected. Then modify the request URI to include a '../' directory-traversal segment. The authentication check in 'preHandle' no longer applies, yet the request still reaches the delete functionality, so the article is deleted. Iterating over article identifiers in this way deletes multiple articles.
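The following is an added example, not Jantent's source, illustrating the class of bug described in the Vulnerability and Reproduction sections with a Spring MVC HandlerInterceptor. It assumes Spring Boot 2.x ('javax.servlet'), a hypothetical session attribute 'login_user' standing in for the token check, a hypothetical '/login' page, and spring-test's MockHttpServletRequest for the demonstration in main(). The assumed mechanism is that the vulnerable check tests the raw URI from getRequestURI(), which the servlet container does not normalize, while routing is performed on the normalized path; the hardened version tests the same normalized path the container routed on.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.util.StringUtils;
import org.springframework.web.servlet.HandlerInterceptor;

/**
 * Added example (not Jantent's code): an admin interceptor whose path check is
 * shown in a vulnerable and a hardened form. Package, attribute names and the
 * login URL are hypothetical.
 */
public class AdminAuthInterceptor implements HandlerInterceptor {

    private static final String ADMIN_PREFIX = "/admin/";

    /**
     * VULNERABLE shape (assumed, not taken from Jantent): getRequestURI() returns
     * the raw URI exactly as the client sent it. The container normalizes
     * "/x/../admin/article/delete" to "/admin/article/delete" before routing,
     * but this prefix test sees the raw string, fails to match, and the token
     * check below is skipped.
     */
    static boolean isAdminPathVulnerable(HttpServletRequest request) {
        return request.getRequestURI().startsWith(ADMIN_PREFIX);
    }

    /**
     * HARDENED: test the path the container actually routed on. getServletPath()
     * and getPathInfo() are decoded and normalized by the container (which of
     * the two carries the path depends on the DispatcherServlet mapping, so both
     * are joined). cleanPath() from spring-core collapses any remaining "." and
     * ".." segments so dot segments cannot skew the comparison.
     */
    static boolean isAdminPath(HttpServletRequest request) {
        String path = request.getServletPath();
        if (request.getPathInfo() != null) {
            path += request.getPathInfo();
        }
        String normalized = StringUtils.cleanPath(path);
        return normalized.equals("/admin") || normalized.startsWith(ADMIN_PREFIX);
    }

    /** Hypothetical authentication state: a session attribute set at login. */
    static boolean isAuthenticated(HttpServletRequest request) {
        return request.getSession(false) != null
                && request.getSession(false).getAttribute("login_user") != null;
    }

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
                             Object handler) throws Exception {
        if (!isAdminPath(request)) {
            return true; // public route, no authentication required
        }
        if (!isAuthenticated(request)) {
            response.sendRedirect(request.getContextPath() + "/login"); // hypothetical login page
            return false;
        }
        return true;
    }

    /**
     * Demonstration with a constructed request. MockHttpServletRequest does not
     * normalize the way a real container does, so the normalized routing path is
     * set explicitly to show what each check sees for the same traversal request.
     */
    public static void main(String[] args) {
        MockHttpServletRequest req =
                new MockHttpServletRequest("GET", "/x/../admin/article/delete");
        req.setServletPath("/admin/article/delete"); // what the container routed on

        System.out.println("raw URI:          " + req.getRequestURI());
        System.out.println("vulnerable check: " + isAdminPathVulnerable(req));
        System.out.println("hardened check:   " + isAdminPath(req));
    }
}
```

The simplest structural fix is to avoid hand-rolled prefix tests altogether and register the interceptor with a path pattern ('addPathPatterns("/admin/**")' in a WebMvcConfigurer), since Spring matches patterns against the container's normalized lookup path; the hardened method above applies when the check must stay inside preHandle.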
