author
superx@snowtech.com.cn
Summary
An improper access control vulnerability exists in /api/jmeter/download/files, which allows any file to be downloaded without authentication and may lead to various issues.
Details
In the ShiroUtil config, an anonymous user can access /api/jmeter/download/files.
downloadJmeterFiles doesn't check the filename. The file is zipped.
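
One way to add the missing filename check, shown as an added example that is not the project's code or its fix. The class SafeFileResolver, its resolve method and the sample directory and file names are hypothetical; the check confines every requested name to a single base directory before anything is read or zipped.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added example: hypothetical helper, not taken from the project.
public class SafeFileResolver {

    // Resolve a client-supplied file name inside baseDir.
    // Throws SecurityException if the name is malformed or leaves baseDir,
    // IOException if the file does not exist.
    static Path resolve(Path baseDir, String fileName) throws IOException {
        if (fileName == null || fileName.isEmpty() || fileName.indexOf('\0') >= 0) {
            throw new SecurityException("invalid file name");
        }
        Path base = baseDir.toRealPath();
        // An absolute fileName replaces base entirely in resolve(), and ".."
        // segments are collapsed by normalize(); both fail the prefix check.
        Path candidate = base.resolve(fileName).normalize();
        if (!candidate.startsWith(base)) {
            throw new SecurityException("file name escapes base directory");
        }
        // toRealPath() follows symlinks, so check the prefix again on the real target.
        Path real = candidate.toRealPath();
        if (!real.startsWith(base) || !Files.isRegularFile(real)) {
            throw new SecurityException("not a regular file under base directory");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data: a temporary directory holding one test plan.
        Path base = Files.createTempDirectory("jmeter-files");
        Files.write(base.resolve("plan.jmx"), "<jmeterTestPlan/>".getBytes());

        // Constructed request values, as they might arrive in a download request.
        String[] requested = {"plan.jmx", "sub/../plan.jmx", "../../etc/passwd", "/etc/passwd"};
        for (String name : requested) {
            try {
                System.out.println("allowed:  " + name + " -> " + resolve(base, name));
            } catch (SecurityException | IOException e) {
                System.out.println("rejected: " + name + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The check only narrows which files can be served; the endpoint itself is still reachable anonymously until the access rule described under Details is changed.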