CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-24113
https://notcve.org/view.php?id=CVE-2024-24113
08 Feb 2024 — xxl-job =< 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability, which causes low-privileged users to control executor to RCE. xxl-job =< 2.4.1 tiene una vulnerabilidad de Server-Side Request Forgery (SSRF), que hace que los usuarios con pocos privilegios controlen el ejecutor de RCE. • https://github.com/xuxueli/xxl-job/issues/3375 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-27087
https://notcve.org/view.php?id=CVE-2023-27087
21 Mar 2023 — Permissions vulnerabiltiy found in Xuxueli xxl-job v2.2.0, v 2.3.0 and v.2.3.1 allows attacker to obtain sensitive information via the pageList parameter. • https://github.com/xuxueli/xxl-job/issues/3096 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0674 – XXL-JOB New Password updatePwd cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-0674
04 Feb 2023 — A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/boyi0508/xxl-job-explain/blob/main/README.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43183
https://notcve.org/view.php?id=CVE-2022-43183
17 Nov 2022 — XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java. XXL-Job anterior a v2.3.1 contiene un Server-Side Request Forgery (SSRF) a través del componente /admin/controller/JobLogController.java. • https://github.com/xuxueli/xxl-job/issues/3002 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36157
https://notcve.org/view.php?id=CVE-2022-36157
19 Aug 2022 — XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Permissions resulting in the ability to execute admin function with low Privilege account. XXL-JOB todas las versiones a partir del 11 de julio de 2022, son vulnerables a Permisos Inseguros resultando en una capacidad de ejecutar la función de administrador con una cuenta de bajo Privilegio. • https://github.com/Richard-Muzi/vulnerability/issues/1 • CWE-269: Improper Privilege Management •