Xxl-job Security Vulnerabilities and Issues — Xxl-job CVE List

Lucene search

XuxueliXxl-job

5 matches found

CVE•added 2022/09/28 6:15 p.m.•101 views

CVE-2022-40929

XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. NOTE: this is disputed because the issues/4929 report is about an intended and supported use case (running arbitrary Bash scripts on behalf of users).

9.8CVSS9.6AI score0.0019EPSS

CVE•added 2022/06/03 9:15 p.m.•91 views

CVE-2022-29770

XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo.

5.4CVSS5.2AI score0.00266EPSS

CVE•added 2022/05/23 9:16 p.m.•75 views

CVE-2022-29002

A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add.

8.8CVSS8.6AI score0.00112EPSS

CVE•added 2022/11/17 9:15 p.m.•62 views

CVE-2022-43183

XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java.

8.8CVSS8.6AI score0.18025EPSS

CVE•added 2022/08/19 10:15 p.m.•60 views

CVE-2022-36157

XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Permissions resulting in the ability to execute admin function with low Privilege account.

8.8CVSS8.7AI score0.09014EPSS