An issue was discovered in PowerJob through 3.2.2, allows attackers to change arbitrary user passwords via the id parameter to /appinfo/save.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-522,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| powerjob | powerjob | * |
PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| powerjob | powerjob | 4.3.1 |
PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| powerjob | powerjob | 4.3.1 |
PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| powerjob | powerjob | 4.3.1 |
PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| powerjob | powerjob | 4.3.1 |
PowerJob V4.3.2 has unauthorized interface that causes remote code execution.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| powerjob | powerjob | 4.3.2 |
An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via appId parameter to /container/list.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| powerjob | powerjob | * |
PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| powerjob | powerjob | 4.3.3 |
Powerjob >= 3.20 is vulnerable to SQL injection via the version parameter.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| powerjob | powerjob | * |
A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-862,CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| powerjob | powerjob | * |
A security vulnerability has been detected in PowerJob up to 5.1.2. This vulnerability affects unknown code of the file /openApi/runJob of the component OpenAPIController. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-862,CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| powerjob | powerjob | * |
A vulnerability was identified in PowerJob up to 5.1.2. This vulnerability affects the function checkConnectivity of the file src/main/java/tech/powerjob/common/utils/net/PingPongUtils.java of the component Network Request Handler. The manipulation of the argument targetIp/targetPort leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 6.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 2.8 | 3.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-918,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| powerjob | powerjob | * |