Lucene search
HistoryAug 19, 2022 - 10:15 p.m.
CVE-2022-36157
cve-2022-36157
xxl-job
vulnerability
insecure permissions
admin function
low privilege account
nvd
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
37.1%
XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Permissions resulting in the ability to execute admin function with low Privilege account.
Affected configurations
Node
xuxuelixxl-jobRange≤2.3.1
| CPE | Name | Operator | Version |
|---|---|---|---|
| xuxueli:xxl-job | xuxueli xxl-job | le | 2.3.1 |
Social References
More
Related
github
github
Improper Privilege Management in com.xuxueli:xxl-job
2022-08-20 00:00:30
cnvd
cnvd
XXL-JOB authorization issue vulnerability
2022-08-23 00:00:00
prion
prion
Code injection
2022-08-19 22:15:00
osv
osv
Improper Privilege Management in com.xuxueli:xxl-job
2022-08-20 00:00:30
CVE-2022-36157
2022-08-19 22:15:09
cvelist
cvelist
CVE-2022-36157
2022-08-19 21:05:20
nvd
nvd
CVE-2022-36157
2022-08-19 22:15:09
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
37.1%
Related for CVE-2022-36157