3 matches found
CVE-2022-29002
A Cross-Site Request Forgery CSRF in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add...
CVE-2022-29002
A Cross-Site Request Forgery CSRF in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add...
CVE-2022-29002
CVE-2022-29002 affects XXL-Job v2.3.0, where CSRF in the /gaia-job-admin/user/add component allows an attacker to arbitrarily create administrator accounts. The linked sources (CNVD/OSV/GHSA/Red Hat/OSV) consistently describe lack of filtering/restrictions in that endpoint as the root cause. No r...