cbcvebase.
CVE-2023-29922
published 2023-04-19

CVE-2023-29922: PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.

PriorityP340medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
EXPLOIT
EPSS
3.00%
85.7th percentile
PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.

Affected

1 ranges
VendorProductVersion rangeFixed in
powerjobpowerjob

Detection & IOCsextracted from sources · hover to see the quote

url/user/save
  • Unauthenticated POST request to /user/save endpoint with JSON body containing username, phone, email, and webHook fields indicates exploitation attempt of CVE-2023-29922 authentication bypass.
  • Successful exploitation is confirmed when the HTTP 200 response body contains both '"success":true' and '"data":null' with Content-Type application/json.
  • Shodan/FOFA fingerprinting queries for exposed PowerJob instances: search for html:"PowerJob" or body="powerjob" to identify attack surface.
  • ·The vulnerable endpoint is /user/save (mapped as /user/save via the 'create user/save interface'). The access control bypass requires no authentication (PR:N), meaning any unauthenticated network request can create users.
  • ·The Nuclei template targets exactly PowerJob version 4.3.1 (CPE: cpe:2.3:a:powerjob:powerjob:4.3.1). Detections should be scoped to this version.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.