CVE-2023-36106

HIGH7.5EPSS 0.16%

PowerJob incorrect access control vulnerability

發布日:2023/8/17修改日:2024/10/9

描述

An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via `appId` parameter to `/container/list`.

受影響套件(1)

Maven/tech.powerjob:powerjobfrom 0, <= 4.3.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-36106
PATCHhttps://gitee.com/KFCFans/PowerJob
WEBhttps://gist.github.com/tztdsb/a653b6db328199ec0f55e54b4e466415#file-gistfile1-txt