CVE-2022-36157
Published 2022-08-19
CVE-2022-36157: XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Permissions resulting in the ability to execute admin function with low Privilege account.
Priority: P3, 48, high, 8.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.20% (64.3th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xuxueli | xxl-job | <= 2.3.1 | — |
GHSA
Improper Privilege Management in com.xuxueli:xxl-job
ghsa·2022-08-20
CVE-2022-36157 [HIGH] CWE-269 Improper Privilege Management in com.xuxueli:xxl-job
XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Permissions resulting in the ability to execute admin function with low Privilege account.
OSV
Improper Privilege Management in com.xuxueli:xxl-job
osv·2022-08-20
CVE-2022-36157 [HIGH] Improper Privilege Management in com.xuxueli:xxl-job
XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Permissions resulting in the ability to execute admin function with low Privilege account.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-08-19