Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS00NDNtLTNmcjYtdzh3as4AA1Xk
PowerJob incorrect access control vulnerability
An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via appId parameter to /container/list.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00NDNtLTNmcjYtdzh3as4AA1Xk
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 9 months ago
Updated: 6 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-443m-3fr6-w8wj, CVE-2023-36106
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-36106
- https://gist.github.com/tztdsb/a653b6db328199ec0f55e54b4e466415#file-gistfile1-txt
- https://gitee.com/KFCFans/PowerJob
- https://github.com/advisories/GHSA-443m-3fr6-w8wj
Affected Packages
maven:tech.powerjob:powerjob
Dependent packages: 0Dependent repositories: 0
Downloads:
Affected Version Ranges: <= 4.3.2
No known fixed version
All affected versions: 3.0.0, 4.0.0, 4.3.1, 4.3.2