Veal98 Echo Improper Authorization Vulnerability in Ticket Handler Component

Vulnerability

A vulnerability exists in Veal98 Echo Open Source Community System version 4.2, specifically within the Ticket Handler component. The issue arises in the 'preHandle' function of the 'LoginTicketInterceptor.java' file, where improper authorization allows unauthorized access to protected routes or API interfaces. This vulnerability can be exploited remotely, bypassing the security interceptor middleware.

Impact

Exploitation of this vulnerability allows for improper authorization, enabling unauthorized access to protected resources or APIs.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Veal98 Echo Improper Authorization Vulnerability in Ticket Handler Component

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating