Description
A vulnerability rated critical was found in Dromara Northstar up to 7.3.5. It affects the function preHandle in the file northstar-main/src/main/java/org/dromara/northstar/web/interceptor/AuthorizationInterceptor.java, part of the Path Handler component. Manipulating the argument Request leads to improper access controls. The attack can be launched remotely. Upgrading to version 7.3.6 addresses this issue; the patch is identified as 8d521bbf531de59b09b8629a9cbf667870ad2541. Upgrading the affected component is recommended.
References (6)
Core References
Permissions Required, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.316250
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.316250
Issue Tracking issue-tracking
https://gitee.com/dromara/northstar/issues/ICCQ4E
Issue Tracking issue-tracking
https://gitee.com/dromara/northstar/issues/ICCQ4E#note_42855013_link
Release Notes patch
https://gitee.com/dromara/northstar/releases/tag/v7.3.6
Scores
CVSS v3: 6.3
EPSS: 0.0024
EPSS Percentile: 47.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-266, CWE-284
Status: published
Products (7)
Dromara/Northstar 7.3.0
Dromara/Northstar 7.3.1
Dromara/Northstar 7.3.2
Dromara/Northstar 7.3.3
Dromara/Northstar 7.3.4
Dromara/Northstar 7.3.5
Dromara/Northstar 7.3.6
Published: Jul 14, 2025
Tracked Since: Feb 18, 2026