Vulnerabilities > CVE-2023-0674 - Unspecified vulnerability in Xuxueli Xxl-Job 2.3.1

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

xuxueli

NVD

Published: 2023-02-04

Updated: 2024-11-21

Summary

A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220196.

Vulnerable Configurations

Part	Description	Count
Application	Xuxueli Xuxueli XXL JOB 2.3.1	1

References

https://github.com/boyi0508/xxl-job-explain/blob/main/README.md
https://github.com/boyi0508/xxl-job-explain/blob/main/README.md
https://vuldb.com/?ctiid.220196
https://vuldb.com/?ctiid.220196
https://vuldb.com/?id.220196
https://vuldb.com/?id.220196