GHSA-443m-3fr6-w8wj

Source

https://github.com/advisories/GHSA-443m-3fr6-w8wj

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-443m-3fr6-w8wj/GHSA-443m-3fr6-w8wj.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-443m-3fr6-w8wj

Aliases

CVE-2023-36106

Published

2023-08-17T21:30:53Z

Modified

2024-10-09T19:23:02.667674Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

PowerJob incorrect access control vulnerability

Details

An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via appId parameter to /container/list.

Database specific

{
    "severity": "HIGH",
    "github_reviewed_at": "2023-08-18T21:51:35Z",
    "cwe_ids": [
        "CWE-284"
    ],
    "nvd_published_at": "2023-08-17T20:15:10Z",
    "github_reviewed": true
}

References

Affected packages

Maven / tech.powerjob:powerjob

Package

Name: tech.powerjob:powerjob; View open source insights on deps.dev
Purl: pkg:maven/tech.powerjob/powerjob

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

4.3.2

Affected versions

3.*

3.0.0

4.*

4.0.0

4.3.1

4.3.1-bugfix

4.3.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-443m-3fr6-w8wj/GHSA-443m-3fr6-w8wj.json"