XXL-JOB is a lightweight distributed task scheduling platform whose core design goals are rapid development, simple learning, lightweight, and easy scalability. XXL-JOB version 2.3.0 is vulnerable to cross-site request forgery due to a lack of filtering and restrictions in the component /gaia-job-admin/user/add. An attacker could exploit this vulnerability to create arbitrary administrator accounts.
CPE | Name | Operator | Version |
---|---|---|---|
xxl-job xxl-job | eq | 2.3.0 |