Lucene search
GitHub Advisory DatabaseGHSA-C352-X843-GGPQHistoryFeb 08, 2024 - 3:30 p.m.
XXL-JOB vulnerable to Server-Side Request Forgery
2024-02-0815:30:27
CWE-918
GitHub Advisory Database
github.com
5
xxl-job
server-side request forgery
vulnerability
low-privileged users
remote code execution
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
19.5%
xxl-job <= 2.4.0 has a Server-Side Request Forgery (SSRF) vulnerability, which causes low-privileged users to control executor to RCE.
Affected configurations
Node
com.xuxueli\xxlMatchjob
| CPE | Name | Operator | Version |
|---|---|---|---|
| com.xuxueli:xxl-job | le | 2.4.0 |
Related
cve
cve
CVE-2024-24113
2024-02-08 13:15:09
prion
prion
Server side request forgery (ssrf)
2024-02-08 13:15:00
nvd
nvd
CVE-2024-24113
2024-02-08 13:15:09
veracode
veracode
Server-Side Request Forgery (SSRF)
2024-02-09 09:08:50
osv
osv
XXL-JOB vulnerable to Server-Side Request Forgery
2024-02-08 15:30:27
CVE-2024-24113
2024-02-08 13:15:09
cvelist
cvelist
CVE-2024-24113
2024-02-08 00:00:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
19.5%
Related for GHSA-C352-X843-GGPQ