Insecure Permissions in XXL-JOB by XXL Software
CVE-2022-36157

8.8HIGH

Key Information:

Vendor: Xuxueli
Status: Xxl-job
Vendor: CVE Published:; 19 August 2022

What is CVE-2022-36157?

XXL-JOB, a product by XXL Software, is subject to a vulnerability that allows users with low privilege accounts to execute administrative functions due to insecure permission settings. This oversight can lead to unauthorized access and control over critical system functionalities, making it essential for users to review their security settings and apply necessary patches to maintain system integrity.

References

https://github.com/Richard-Muzi/vulnerability/issues/1

x_refsource_MISC

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 19, 2022
Vulnerability Reserved
Jul 18, 2022

Xuxueli

What is CVE-2022-36157?

References

EPSS Score

CVSS V3.1

Timeline