JeeWMS Authentication Bypass Vulnerability Leading to Arbitrary File Read
Vulnerability
An authentication bypass vulnerability has been identified in JeeWMS version 771e4f5d0c01ffdeae1671be4cf102b73a3fe644, released on May 19, 2025. This vulnerability allows unauthorized users to bypass authentication mechanisms and access restricted resources. The issue arises in the 'AuthInterceptor' class, where the request URI is not properly validated, enabling attackers to manipulate the path and evade authentication. Additionally, the 'cgformTemplateController.do?showPic' API endpoint is vulnerable to arbitrary file reading due to inadequate parameter validation, allowing exploitation by crafting specific requests.
Impact
Exploitation of this vulnerability could lead to unauthorized access to files on the server, potentially exposing sensitive information.
Reproduction
To reproduce this vulnerability, send a POST request to the 'wmsApiController.do' endpoint, including a crafted URI that bypasses authentication. The request should also contain the 'cgformTemplateController.do?showPic' parameter, specifying a file path that includes the target file to be read, such as '/etc/passwd'.
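A defensive sketch of the two checks whose absence is described above, added here as an example and not taken from JeeWMS: a fail-closed exemption test for an interceptor, and a containment check for a file-path parameter. The class and method names, the exemption list, the `/jeewms` context path and the temporary image directory are all assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.util.Set;

public class RequestGuards {
    // Assumption: endpoints that may be called without a session (hypothetical list).
    private static final Set<String> ANONYMOUS = Set.of("/wmsApiController.do");

    // Fail closed: only an exact, unadorned path is exempt from authentication.
    static boolean isAnonymousAllowed(String requestUri, String contextPath) {
        if (requestUri == null || !requestUri.startsWith(contextPath)) return false;
        String path = requestUri.substring(contextPath.length());
        // Path parameters, encodings, backslashes, doubled slashes and dot segments
        // are not needed by a legitimate client, so they never earn an exemption.
        for (String bad : new String[] {";", "%", "\\", "//", "/."}) {
            if (path.contains(bad)) return false;
        }
        return ANONYMOUS.contains(path); // exact match, not contains()/endsWith()
    }

    // Resolve a user-supplied file name and refuse anything outside baseDir.
    static Path resolveInside(Path baseDir, String requested) throws IOException {
        try {
            Path base = baseDir.toRealPath();
            // toRealPath() collapses ".." and symlinks and fails if the file is absent.
            Path real = base.resolve(requested).toRealPath();
            if (!real.startsWith(base) || !Files.isRegularFile(real)) {
                throw new SecurityException("outside image directory: " + requested);
            }
            return real;
        } catch (InvalidPathException e) { // e.g. an embedded NUL byte
            throw new SecurityException("malformed path", e);
        }
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("pics"); // constructed sample data
        Files.write(base.resolve("logo.png"), new byte[] {1});
        System.out.println(isAnonymousAllowed("/jeewms/wmsApiController.do", "/jeewms"));
        System.out.println(isAnonymousAllowed("/jeewms/./wmsApiController.do", "/jeewms"));
        System.out.println(resolveInside(base, "logo.png").getFileName());
        try {
            resolveInside(base, "/etc/passwd");
        } catch (SecurityException | IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

An absolute path such as '/etc/passwd' is rejected because `Path.resolve` returns it unchanged and it then fails the `startsWith(base)` test.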
