| Título | xuxueli xxl-job ≤ 3.1.1 IDOR |
|---|
| Descripción | In xxl-job versions up to 3.1.1, an Insecure Direct Object Reference (IDOR) vulnerability in /xxl-job-admin/joblog/getJobsByGroup allows authenticated but unauthorized users to access job logs from all groups, resulting in information disclosure. |
|---|
| Fuente | ⚠️ https://github.com/xuxueli/xxl-job/issues/3772 |
|---|
| Usuario | ez-lbz (UID 87033) |
|---|
| Sumisión | 2025-08-11 05:31 (hace 9 meses) |
|---|
| Moderación | 2025-08-20 16:17 (9 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 320805 [Xuxueli xxl-job hasta 3.1.1 JobLogController.java getJobsByGroup jobGroup escalada de privilegios] |
|---|
| Puntos | 16 |
|---|