Vulnerabilities > CVE-2023-33779 - Unspecified vulnerability in Xuxueli Xxl-Job 2.4.1

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

xuxueli

NVD

Published: 2023-05-26

Updated: 2023-06-02

Summary

A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/.

Vulnerable Configurations

Part	Description	Count
Application	Xuxueli Xuxueli XXL JOB 2.4.1	1

References

https://github.com/xuxueli/xxl-job
http://xxl-job.com
https://github.com/silence-silence/xxl-job-lateral-privilege-escalation-vulnerability-/blob/main/README.md