Описание
A vulnerability, which was classified as critical, was found in Xuxueli xxl-job up to 3.1.1. Affected is the function httpJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Ссылки
- ExploitIssue TrackingVendor Advisory
- Permissions RequiredVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitIssue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.1.1 (включая)
cpe:2.3:a:xuxueli:xxl-job:*:*:*:*:*:*:*:*
EPSS
Процентиль: 12%
0.00042
Низкий
6.3 Medium
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-918
Связанные уязвимости
EPSS
Процентиль: 12%
0.00042
Низкий
6.3 Medium
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-918