JeecgBoot Privilege Escalation Vulnerability in SysUser Component

Vulnerability

A privilege escalation vulnerability has been identified in JeecgBoot versions prior to 3.9.2. The issue resides in the SysUser component, specifically in the user.getUsername function of the userEdit endpoint. The flaw is improper access control on the userIdentity argument, which a caller can set to obtain privileges they were not granted. It can be exploited remotely, and exploit details have been made public.

Impact

Exploitation of this vulnerability allows a user to escalate privileges, enabling them to access functionalities and data that are normally restricted. In this case, a user can gain the privileges of a department supervisor, including access to sensitive departmental information and the ability to manage department members.

Reproduction

The vulnerability can be reproduced by a user with a standard member role (userIdentity=1) who sends a request to the userEdit endpoint. This request must include a userIdentity value of 2, which is reserved for department supervisors. Once the request is processed, the user can then access supervisor-level privileges, including the ability to view and manage all members of their department.
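As an added illustration of the class of defect described above (example code written for this page, not JeecgBoot's own source), the Java sketch below contrasts a self-edit handler that binds every submitted field, including userIdentity, with one that validates the request against an allow-list and refuses privilege-bearing fields from non-administrators. Class and method names are hypothetical; the identity values follow the advisory (1 = member, 2 = department supervisor).

```java
import java.util.Map;
import java.util.Set;

public class UserEditDemo {
    // Hypothetical simplified user record; userIdentity follows the advisory:
    // 1 = ordinary member, 2 = department supervisor.
    static class UserRecord {
        String username;
        int userIdentity;
        UserRecord(String username, int userIdentity) { this.username = username; this.userIdentity = userIdentity; }
    }

    // Fields a user may change on their own record; userIdentity is deliberately absent.
    static final Set<String> SELF_EDITABLE = Set.of("username");
    // Fields that alter authorization and therefore require an administrator.
    static final Set<String> PRIVILEGED = Set.of("userIdentity");

    // Vulnerable pattern: every submitted field is bound onto the record, so a
    // member who submits userIdentity=2 is stored as a supervisor.
    static void applyUnchecked(UserRecord target, Map<String, Object> body) {
        if (body.containsKey("username")) target.username = (String) body.get("username");
        if (body.containsKey("userIdentity")) target.userIdentity = (Integer) body.get("userIdentity");
    }

    // Hardened pattern: validate every key against the allow-list before writing
    // anything, and refuse privileged fields unless the caller is an administrator.
    static void applyChecked(UserRecord target, Map<String, Object> body, boolean callerIsAdmin) {
        for (String key : body.keySet()) {
            if (PRIVILEGED.contains(key) && !callerIsAdmin)
                throw new SecurityException("'" + key + "' may only be set by an administrator");
            if (!SELF_EDITABLE.contains(key) && !PRIVILEGED.contains(key))
                throw new IllegalArgumentException("unknown or read-only field: " + key);
        }
        applyUnchecked(target, body);  // safe now: every key in the body has been vetted
    }

    public static void main(String[] args) {
        // Constructed request: an ordinary member edits their name and also sends userIdentity=2.
        Map<String, Object> body = Map.of("username", "alice", "userIdentity", 2);
        UserRecord vulnerable = new UserRecord("alice", 1);
        applyUnchecked(vulnerable, body);
        System.out.println("unchecked handler stored userIdentity=" + vulnerable.userIdentity);
        UserRecord hardened = new UserRecord("alice", 1);
        try {
            applyChecked(hardened, body, false);
        } catch (SecurityException e) {
            System.out.println("checked handler refused: " + e.getMessage()
                + "; userIdentity still " + hardened.userIdentity);
        }
    }
}
```

The same allow-list approach applies to any field that carries authorization meaning (roles, department, status): the server, not the client, decides whether such a field may change.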

Remediation

Users are advised to upgrade to JeecgBoot version 3.9.2 or later, where this vulnerability has been addressed.

Added: May 26, 2026, 9:36 PM
Updated: May 26, 2026, 9:36 PM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 0.6
exploitability: 6.6
remediation: 7.7
relevance: 9.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.