GHSA-9mmj-64jh-ph9c

Source

https://github.com/advisories/GHSA-9mmj-64jh-ph9c

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-9mmj-64jh-ph9c/GHSA-9mmj-64jh-ph9c.json

Aliases

CVE-2023-33779

Published

2023-05-26T18:30:21Z

Modified

2024-02-16T08:23:13.759334Z

Details

A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-33779
https://github.com/silence-silence/xxl-job-lateral-privilege-escalation-vulnerability-/blob/main/README.md
https://github.com/xuxueli/xxl-job
http://xxl-job.com

Affected packages

Maven / com.xuxueli:xxl-job

Package

Name: com.xuxueli:xxl-job

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Last affected

2.4.1

Affected versions

1.*

1.4.1

1.4.2

1.5.0

1.5.1

1.5.2

1.6.0

1.6.1

1.6.2

1.7.0

1.7.1

1.7.2

1.8.0

1.8.1

1.8.2

1.9.0

1.9.1

1.9.2

2.*

2.0.0

2.0.1

2.0.2

2.1.0

2.1.1

2.1.2

2.2.0

2.3.0

2.3.1

2.4.0