CVE-2023-33779
published 2023-05-26
Priority P358 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.13% (62.3th percentile)
A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xuxueli | xxl-job | — | — |
OSV
Privilege escalation in XXL-Job
osv·2023-05-26
CVE-2023-33779 [HIGH] Privilege escalation in XXL-Job
A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component `/jobinfo/`.
GHSA
Privilege escalation in XXL-Job
ghsa·2023-05-26
CVE-2023-33779 [HIGH] CWE-863 Privilege escalation in XXL-Job
A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component `/jobinfo/`.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://xxl-job.com
https://github.com/silence-silence/xxl-job-lateral-privilege-escalation-vulnerability-/blob/main/README.md
https://github.com/xuxueli/xxl-job
Published: 2023-05-26