CVE-2024-44893
📋 TL;DR
This vulnerability in JimuReport v1.7.8 allows attackers to escalate privileges via a crafted GET request to the /jeecg-boot/jmreport/dict/list endpoint. Attackers can gain unauthorized administrative access to the reporting system. Organizations using JimuReport v1.7.8 are affected.
💻 Affected Systems
- JimuReport
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise where attackers gain administrative privileges, potentially accessing sensitive data, modifying reports, and executing arbitrary code.
Likely Case
Attackers gain administrative access to manipulate reports, access sensitive business data, and potentially pivot to other systems.
If Mitigated
Limited impact with proper network segmentation and access controls preventing exploitation attempts.
🎯 Exploit Status
The vulnerability requires only a crafted GET request, making exploitation straightforward. No authentication is required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v1.7.9 or later
Vendor Advisory: https://github.com/jeecgboot/JimuReport/issues/2904
Restart Required: Yes
Instructions:
1. Back up the current JimuReport installation.
2. Download and install JimuReport v1.7.9 or later from the official repository.
3. Restart the application server.
4. Verify the fix by testing the previously vulnerable endpoint (see How to Verify below).
🔧 Temporary Workarounds
Web Application Firewall Rule
Block access to the vulnerable endpoint using WAF rules or reverse proxy configuration.
# For nginx:
location ~ ^/jeecg-boot/jmreport/dict/list { deny all; }
# For Apache:
<Location "/jeecg-boot/jmreport/dict/list">
    Require all denied
</Location>
Network Access Control
Restrict network access to JimuReport instances using firewall rules.
# Example iptables rules (replace trusted_network with your allowed source range):
iptables -A INPUT -p tcp --dport 8080 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j DROP
🧯 If You Can't Patch
- Isolate JimuReport instances in a separate network segment with strict access controls.
- Implement application-level authentication and authorization checks before the vulnerable endpoint.
🔍 How to Verify
Check if Vulnerable:
Check whether accessing /jeecg-boot/jmreport/dict/list returns data without proper authentication. Test with curl:
curl -X GET http://[host]:[port]/jeecg-boot/jmreport/dict/list
Check Version:
Check the application version in the web interface or configuration files. For deployed WAR files:
unzip -p jimureport.war META-INF/MANIFEST.MF | grep Implementation-Version
Verify Fix Applied:
After patching, an unauthenticated request to the same endpoint should be rejected (an authentication error or a redirect to the login page) rather than returning dictionary data.
📡 Detection & Monitoring
Log Indicators:
- Unusual GET requests to /jeecg-boot/jmreport/dict/list from unexpected sources
- Multiple failed authentication attempts followed by successful access to privileged endpoints
Network Indicators:
- HTTP GET requests to the vulnerable endpoint with unusual parameters or from unauthorized IPs
SIEM Query:
source="web_server" AND (url="/jeecg-boot/jmreport/dict/list" OR url CONTAINS "jmreport/dict/list") AND (response_code=200 OR response_code=302)
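The SIEM query above can also be run directly over raw web server access logs. The following is an added example (not code from the advisory or the JimuReport project): it parses Combined Log Format lines, flags GET requests to the dict/list endpoint that returned 200 or 302, and suppresses hits from an assumed internal range. The log lines are constructed for the example, and the trusted network 10.0.0.0/8 is a hypothetical placeholder to be replaced with your own ranges.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample access-log lines (Combined Log Format); not real traffic.
SAMPLE_LOG = """\
10.0.5.12 - - [12/Sep/2024:10:01:02 +0000] "GET /jeecg-boot/jmreport/dict/list?dictCode=sys_user HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.45 - - [12/Sep/2024:10:02:17 +0000] "GET /jeecg-boot/jmreport/dict/list?dictCode=sys_user HTTP/1.1" 200 1532 "-" "python-requests/2.31"
203.0.113.45 - - [12/Sep/2024:10:02:18 +0000] "GET /jeecg-boot/jmreport/dict/list HTTP/1.1" 302 0 "-" "python-requests/2.31"
198.51.100.7 - - [12/Sep/2024:10:03:00 +0000] "GET /jeecg-boot/jmreport/dict/list HTTP/1.1" 403 0 "-" "curl/8.4.0"
10.0.5.13 - - [12/Sep/2024:10:04:44 +0000] "GET /jeecg-boot/jmreport/view/abc HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
"""

# Combined Log Format: ip ident user [timestamp] "method path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Mirrors the advisory's SIEM query: match the endpoint by substring so a different
# context path still matches, and treat 200 or 302 as a request that got through.
VULN_PATH_FRAGMENT = "jmreport/dict/list"
INTERESTING_STATUSES = {200, 302}

# Hypothetical internal range; replace with the networks that legitimately use the app.
TRUSTED_NETS = [ip_network("10.0.0.0/8")]


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it is not CLF."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_trusted(ip):
    """True when the source address falls inside one of the trusted networks."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def find_suspicious(log_text):
    """Return records for GETs to the dict/list endpoint that succeeded (200/302)
    from a source outside the trusted ranges."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]  # drop query string before matching
        if rec["method"] != "GET" or VULN_PATH_FRAGMENT not in path:
            continue
        if rec["status"] not in INTERESTING_STATUSES:
            continue
        if is_trusted(rec["ip"]):
            continue
        hits.append({"ip": rec["ip"], "ts": rec["ts"], "status": rec["status"],
                     "path": rec["path"], "ua": rec["ua"]})
    return hits


def summarize_by_source(log_text):
    """Count suspicious hits per source IP, useful for triage and blocklisting."""
    counts = {}
    for hit in find_suspicious(log_text):
        counts[hit["ip"]] = counts.get(hit["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} {hit["status"]} {hit["path"]} "{hit["ua"]}"')
    print("per-source counts:", summarize_by_source(SAMPLE_LOG))
```

The 403 from 198.51.100.7 is deliberately not reported: a denied request is what the WAF rule above should produce and is a sign the workaround is in place, whereas a 200 or 302 from an untrusted source after the block was deployed is what warrants investigation.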