[security issue] In jeecg-boot versions less than or equal to 2.4.5, the httptrace interface allows unauthorized access and leaks sensitive information such as user cookies
#2793
Closed
myzing00 opened this issue
Jul 15, 2021
· 1 comment
Version:
2.4.5

Problem description:
Unauthorized access to the httptrace interface reveals sensitive information such as user cookies
Screenshots & code:
API interface: http://Ip:8080/jeecg-boot/actuator/httptrace/
This interface does not require any login permissions
local demo
Many jeecg-boot frameworks have such vulnerabilities, such as
The leaked information includes client IP, browser user agent, cookie, token, etc.
Friendly reminder: posts that do not follow the required format will be deleted directly.
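For operators assessing what an exposed httptrace endpoint recorded on their own instance, the following added example (not part of the original issue and not jeecg-boot code) reads a saved trace response and lists which requests had cookies, tokens or client IPs captured, without echoing the values. The sample data is constructed, and the header list, including `x-access-token`, is an assumption to adapt to the deployment.

```python
import json

# Header names treated as sensitive. This list is an assumption;
# extend it with whatever token header your deployment uses.
SENSITIVE = {"cookie", "set-cookie", "authorization", "x-access-token"}

def audit_traces(doc):
    """Return one finding per trace that recorded sensitive data.

    Only field names are reported, never values, so the report itself
    can be shared without leaking the secrets a second time.
    """
    findings = []
    for trace in doc.get("traces", []):
        req = trace.get("request") or {}
        resp = trace.get("response") or {}
        exposed = set()
        for side, part in (("request", req), ("response", resp)):
            for name in (part.get("headers") or {}):
                if name.lower() in SENSITIVE:
                    exposed.add(f"{side}:{name.lower()}")
        if req.get("remoteAddress"):
            exposed.add("request:remoteAddress")
        if (trace.get("session") or {}).get("id"):
            exposed.add("session:id")
        if exposed:
            findings.append({"timestamp": trace.get("timestamp"),
                             "method": req.get("method"),
                             "uri": req.get("uri"),
                             "exposed": sorted(exposed)})
    return findings

# Constructed sample in the Spring Boot 2.x httptrace response shape.
SAMPLE = json.loads("""
{"traces": [
  {"timestamp": "2021-07-15T08:00:00Z", "session": null,
   "request": {"method": "GET", "uri": "http://localhost:8080/jeecg-boot/sys/user/list",
               "headers": {"Cookie": ["JSESSIONID=REDACTED"], "user-agent": ["ExampleBrowser/1.0"],
                           "X-Access-Token": ["REDACTED"]},
               "remoteAddress": "192.0.2.10"},
   "response": {"status": 200, "headers": {"Content-Type": ["application/json"]}}},
  {"timestamp": "2021-07-15T08:00:05Z", "session": null,
   "request": {"method": "GET", "uri": "http://localhost:8080/jeecg-boot/actuator/health",
               "headers": {"user-agent": ["ExampleBrowser/1.0"]}, "remoteAddress": null},
   "response": {"status": 200, "headers": {}}}
]}
""")

if __name__ == "__main__":
    for f in audit_traces(SAMPLE):
        print(f["timestamp"], f["method"], f["uri"], ", ".join(f["exposed"]))
```

Every finding marks a session or token that should be invalidated once the endpoint has been closed off.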