Vulnerabilities > Xuxueli > XXL JOB > 2.4.1

DATE CVE VULNERABILITY TITLE RISK
2024-08-15 CVE-2024-42681 Incorrect Default Permissions vulnerability in Xuxueli Xxl-Job 2.4.1
Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component.
network
low complexity
xuxueli CWE-276
8.8
8.8
2024-02-08 CVE-2024-24113 Server-Side Request Forgery (SSRF) vulnerability in Xuxueli Xxl-Job
xxl-job =< 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability, which causes low-privileged users to control executor to RCE.
network
low complexity
xuxueli CWE-918
8.8
8.8
2023-05-26 CVE-2023-33779 Unspecified vulnerability in Xuxueli Xxl-Job 2.4.1
A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/.
network
low complexity
xuxueli
8.8
8.8