Lucene search

[email protected]CVE-2022-40929

HistorySep 28, 2022 - 6:15 p.m.

CVE-2022-40929

2022-09-2818:15:09

CWE-78

[email protected]

web.nvd.nist.gov

cve-2022-40929

xxl-job

command execution

vulnerability

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.1%

JSON

XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. NOTE: this is disputed because the issues/4929 report is about an intended and supported use case (running arbitrary Bash scripts on behalf of users).

Affected configurations

NVD

Node

xuxuelixxl-jobMatch2.2.0

CPENameOperatorVersion
xuxueli:xxl-jobxuxueli xxl-jobeq2.2.0

CPE	Name	Operator	Version
xuxueli:xxl-job	xuxueli xxl-job	eq	2.2.0

References

github.com/xuxueli/xxl-job/issues/2979

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.1%

JSON

Related for CVE-2022-40929

osv2 prion1 cvelist1 veracode1 nvd1 github1