CVE-2023-36106

HIGH7.5EPSS 0.16%

PowerJob incorrect access control vulnerability

Published: 8/17/2023Modified: 10/9/2024

Description

An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via `appId` parameter to `/container/list`.

Affected packages (1)

Maven/tech.powerjob:powerjobfrom 0, <= 4.3.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-36106
PATCHhttps://gitee.com/KFCFans/PowerJob
WEBhttps://gist.github.com/tztdsb/a653b6db328199ec0f55e54b4e466415#file-gistfile1-txt