No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Wed, 01 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | ssvc | |
Tue, 30 Jun 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | JimuReport through 2.5.0 exposes the POST /jmreport/auto/export endpoint without authentication: the handler is annotated @JimuNoLoginRequired, so JimuReportTokenInterceptor skips all authentication and authorization, and the export service streams the rendered report for any supplied report id without verifying the auto-export configuration flag. An unauthenticated remote attacker can enumerate Snowflake report identifiers and export the full contents of any report, including the data returned by the report's configured SQL queries and any credentials embedded in its data sources. | |
| Title | JimuReport 2.5.0 - Unauthenticated Report Export via /jmreport/auto/export | |
| First Time appeared | Jeecg, Jeecg jimureport | |
| Weaknesses | CWE-306 | |
| CPEs | cpe:2.3:a:jeecg:jimureport:*:*:*:*:*:*:*:* | |
| Vendors & Products | Jeecg, Jeecg jimureport | |
| References | | |
| Metrics | cvssV3_1 | |
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-01T14:44:58.120Z
Reserved: 2026-06-30T12:43:19.294Z
Link: CVE-2026-58375
Updated: 2026-07-01T14:44:49.365Z
OpenCVE Enrichment
Updated: 2026-07-01T09:15:15Z