CVE-2023-33779

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-33779

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33779.json

Aliases

GHSA-9mmj-64jh-ph9c

Published

2023-05-26T17:15:18Z

Modified

2024-04-18T01:00:31.716059Z

Details

A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/.

References

https://github.com/silence-silence/xxl-job-lateral-privilege-escalation-vulnerability-/blob/main/README.md
http://xxl-job.com
https://github.com/xuxueli/xxl-job

Affected packages

Git / github.com/xuxueli/xxl-job

Affected ranges

Type: GIT
Repo: https://github.com/xuxueli/xxl-job
Events: Introduced

0The exact introduced commit is unknown

Last affected

92577cc33e3974a2f46d9223ed9a405a03c8ee1d

Affected versions

1.*

1.0.0.0

2.*

2.0.2

2.1.0

2.1.1

2.1.2

2.3.0

2.3.1

2.4.0

2.4.1

v1.*

v1.2.0

v1.3.0

v1.3.1

v1.3.2

v1.4.0

v1.5.0

v1.5.1

v1.5.2

v1.6.0

v1.6.1

v1.6.2

v1.7.0

v1.7.1

v1.7.2

v1.8.0

v1.8.1

v1.8.2

v1.9.0

v1.9.1

v1.9.2

v2.*

v2.0.0

v2.0.1

v2.2.0