Cross Site Request Forgery Vulnerability in XXL-Job by Xuxueli
CVE-2020-24922

8.8 HIGH

Key Information:

Vendor: Xuxueli

Status
Vendor
CVE Published: 11 August 2023

What is CVE-2020-24922?

A Cross Site Request Forgery (CSRF) vulnerability exists in the user add functionality of XXL-Job version 2.2.0 by Xuxueli. Remote attackers can exploit it with a crafted HTML file, potentially leading to arbitrary code execution and privilege escalation. Users should upgrade to a secure version and implement appropriate security measures to mitigate the risk.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
