MidnightBSD

Advisories for powerjob

CVE-2020-28865 MEDIUM

An issue was discovered in PowerJob through 3.2.2, allows attackers to change arbitrary user passwords via the id parameter to /appinfo/save.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
powerjob powerjob *
CVE-2023-29921

PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface.

Products Affected

Vendor Product Version
powerjob powerjob 4.3.1
CVE-2023-29922

PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.

Products Affected

Vendor Product Version
powerjob powerjob 4.3.1
CVE-2023-29923

PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface.

Products Affected

Vendor Product Version
powerjob powerjob 4.3.1
CVE-2023-29924

PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution.

Products Affected

Vendor Product Version
powerjob powerjob 4.3.1
CVE-2023-29926

PowerJob V4.3.2 has unauthorized interface that causes remote code execution.

Products Affected

Vendor Product Version
powerjob powerjob 4.3.2
CVE-2023-36106

An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via appId parameter to /container/list.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
powerjob powerjob *
CVE-2023-37754

PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail.

Products Affected

Vendor Product Version
powerjob powerjob 4.3.3
CVE-2024-44546

Powerjob >= 3.20 is vulnerable to SQL injection via the version parameter.

Products Affected

Vendor Product Version
powerjob powerjob *
CVE-2025-11580 MEDIUM

A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,CWE-863,

Products Affected

Vendor Product Version
powerjob powerjob *
CVE-2025-11581 MEDIUM

A security vulnerability has been detected in PowerJob up to 5.1.2. This vulnerability affects unknown code of the file /openApi/runJob of the component OpenAPIController. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,CWE-863,

Products Affected

Vendor Product Version
powerjob powerjob *
CVE-2025-14518 MEDIUM

A vulnerability was identified in PowerJob up to 5.1.2. This vulnerability affects the function checkConnectivity of the file src/main/java/tech/powerjob/common/utils/net/PingPongUtils.java of the component Network Request Handler. The manipulation of the argument targetIp/targetPort leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
powerjob powerjob *