Xxl-job@* Security Vulnerabilities and Issues — Xxl-job@* CVE List

Lucene search

XuxueliXxl-job*

5 matches found

CVE•added 2024/02/08 1:15 p.m.•157 views

CVE-2024-24113

xxl-job =< 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability, which causes low-privileged users to control executor to RCE.

8.8CVSS8.6AI score0.00073EPSS

CVE•added 2022/11/17 9:15 p.m.•62 views

CVE-2022-43183

XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java.

8.8CVSS8.6AI score0.18025EPSS

CVE•added 2022/08/19 10:15 p.m.•60 views

CVE-2022-36157

XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Permissions resulting in the ability to execute admin function with low Privilege account.

8.8CVSS8.7AI score0.09014EPSS

CVE•added 2024/04/06 11:15 a.m.•57 views

CVE-2024-3366

A vulnerability classified as problematic was found in Xuxueli xxl-job up to 2.4.1. This vulnerability affects the function deserialize of the file com/xxl/job/core/util/JdkSerializeTool.java of the component Template Handler. The manipulation leads to injection. The exploit has been disclosed to t...

9.8CVSS4.2AI score0.00081EPSS

CVE•added 2023/04/10 5:15 a.m.•30 views

CVE-2023-26120

This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update.

6.1CVSS6.2AI score0.00122EPSS