XXL-JOB New Password updatePwd cross-site request forgery
CVE-2023-0674

6.5MEDIUM

Key Information:

Vendor: Xuxueli
Status: XXL-JOB
Vendor: CVE Published:; 4 February 2023

What is CVE-2023-0674?

A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220196.

Affected Version(s)

XXL-JOB 2.3.1

References

https://vuldb.com/?id.220196

vdb-entrytechnical-description

https://vuldb.com/?ctiid.220196

signaturepermissions-required

https://github.com/boyi0508/xxl-job-explain/blob/main/REA...

broken-linkexploit

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 4, 2023
Vulnerability Reserved
Feb 4, 2023

Credit

boyi (VulDB User)

Xuxueli

What is CVE-2023-0674?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit