Primary

Context

JobX Authentication Bypass Vulnerability Allowing Access to Sensitive API

Vulnerability

An authentication bypass vulnerability has been identified in JobX versions through 1.0.1-RELEASE. This vulnerability allows attackers to access sensitive APIs without a token by exploiting the preHandle function in the SecurityHandlerInterceptor class. The issue arises from improper access control, where the request path can be manipulated to bypass authentication checks.

Impact

Exploitation of this vulnerability allows unauthorized access to sensitive API endpoints, potentially leading to exposure of confidential user information.

Reproduction

To reproduce this vulnerability, first ensure that the contextPath configuration is set to a non-empty value, such as '/demo'. Then, access the API endpoint '/demo/user/get.do' directly, which will result in a redirect. Instead, use the '/login/../demo/user/get.do' path to bypass the authentication check and gain access to user information.

Added: Aug 20, 2025, 3:25 PM

Updated: Aug 20, 2025, 4:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.6

remediation

0.0

relevance

0.4

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.6

remediation

0.0

relevance

0.4

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

JobX Authentication Bypass Vulnerability Allowing Access to Sensitive API

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating