CVE-2021-37304
Published: 2023-02-03
Priority: P3 56 · Severity: high · CVSS 3.1 base score: 7.5
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploit likelihood (EPSS): 4.01% (89.3rd percentile)
An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jeecg | jeecg | <= 2.4.5 | — |
Detection & IOCs (extracted from sources)
- HTTP GET request to /jeecg-boot/actuator/httptrace/ returns HTTP 200 with a JSON body containing '"traces":[', '"headers"', and '"request":{'
- Shodan/FOFA fingerprinting: search for Jeecg-Boot instances using title-based queries to identify exposed targets
- Google dork to identify exposed Jeecg-Boot instances: intitle:"jeecg-boot"
- Vulnerability affects Jeecg Boot versions up to and including 2.4.5; no authentication is required to access the httptrace actuator endpoint
GHSA (2023-02-03)
CVE-2021-37304 [HIGH] CWE-732: Insecure Permissions issue in jeecg-boot
OSV (2023-02-03)
CVE-2021-37304 [HIGH] Insecure Permissions issue in jeecg-boot
No detection rules found.
Nuclei (CVSS 7.5)
CVE-2021-37304 [HIGH] Jeecg Boot <= 2.4.5 - Information Disclosure
Template:

```yaml
id: CVE-2021-37304

info:
  name: Jeecg Boot <= 2.4.5 - Information Disclosure
  author: ritikchaddha
  severity: high
  description: |
    An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface.
  impact: |
    An attacker can exploit this vulnerability to gain sensitive information from the application.
  remediation: |
    Upgrade Jeecg Boot to a version higher than 2.4.5 to mitigate the vulnerability.
  reference:
    - https://github.com/jeecgboot/jeecg-boot/issu
```
No writeups or analysis indexed.