An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via appId parameter to /container/list.