JeecgBoot Missing Authentication Vulnerability in AI Chat Module

Vulnerability

A critical vulnerability exists in JeecgBoot versions 3.9.0 and 3.9.1 within the AI Chat module. The issue arises in the 'sendWithDefault()' method of the 'AiragChatServiceImpl' class, where sensitive business tools are loaded without verifying the user's authentication status. This flaw allows unauthenticated users to access tools that can create backdoor accounts with admin privileges, potentially leading to a full system takeover. The vulnerability is present in an endpoint designed for public use, but the lack of authentication checks for default application users creates a significant security risk.

Impact

Exploitation of this vulnerability allows unauthenticated users to access sensitive AI chat tools that can manipulate user roles and create backdoor accounts with administrative privileges, leading to a complete takeover of the system.

Reproduction

The vulnerability can be reproduced by sending a request to the '/airag/chat/send' endpoint without authentication. This can be done using a script or a tool like curl. Once the request is sent, the default tools will be loaded, including those that can query user information, create new users, and grant roles.

Remediation

A patch has been applied to add the necessary authentication checks before loading sensitive tools. This patch is included in the latest version of JeecgBoot.
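The check the patch describes, shown as an added illustration rather than JeecgBoot's own code: a tool-loading routine in the style of the vulnerable flow beside a fail-closed version that withholds user- and role-manipulating tools from anyone who is not an authenticated user, and records each withheld load as an audit signal. Class, record and tool names are hypothetical and constructed for the example; it needs Java 16 or later for records.

```java
import java.util.ArrayList;
import java.util.List;

// Added example, not JeecgBoot's code: gate privileged AI tools on the caller's
// authentication state before they are handed to the chat model.
public class ToolLoadingGate {

    // Hypothetical tool descriptor; "privileged" marks tools that touch users or roles.
    public record Tool(String name, boolean privileged) {}

    // Hypothetical caller context. In the vulnerable flow an unauthenticated request
    // is mapped onto a default application user, so that principal counts as anonymous.
    public record Caller(String username, boolean authenticated) {}

    // Constructed catalog mirroring the advisory's description of the default tools.
    static final List<Tool> DEFAULT_TOOLS = List.of(
        new Tool("knowledgeSearch", false),
        new Tool("queryUser", true),
        new Tool("createUser", true),
        new Tool("grantRole", true));

    // Audit trail of withheld tools, usable as a detection signal for unauthenticated probing.
    static final List<String> AUDIT = new ArrayList<>();

    // Vulnerable pattern (as the advisory describes sendWithDefault): every default tool
    // is loaded without looking at who is asking.
    static List<Tool> loadToolsUnchecked(Caller caller) {
        return DEFAULT_TOOLS;
    }

    // Hardened pattern: fail closed. Privileged tools are loaded only for a real
    // authenticated user; every other caller gets the non-privileged subset.
    static List<Tool> loadToolsChecked(Caller caller) {
        boolean trusted = caller != null && caller.authenticated();
        List<Tool> allowed = new ArrayList<>();
        for (Tool t : DEFAULT_TOOLS) {
            if (!t.privileged() || trusted) {
                allowed.add(t);
            } else {
                AUDIT.add("withheld " + t.name() + " from "
                    + (caller == null ? "null" : caller.username()));
            }
        }
        return allowed;
    }

    public static void main(String[] args) {
        Caller anon = new Caller("appDefault", false);   // what an unauthenticated hit becomes
        Caller alice = new Caller("alice", true);
        System.out.println("unchecked, anon : " + loadToolsUnchecked(anon));
        System.out.println("checked, anon   : " + loadToolsChecked(anon));
        System.out.println("checked, alice  : " + loadToolsChecked(alice));
        System.out.println("audit           : " + AUDIT);
    }
}
```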

Added: Apr 6, 2026, 4:22 AM
Updated: Apr 6, 2026, 4:22 AM

Vulnerability Rating

Custom Algorithm

  spread          0.8
  impact          5.0
  exploitability  9.5
  remediation     7.7
  relevance       5.4
  threat          6.4
  urgency         2.9
  incentive       8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.