Enviar #803075: xuxueli https://github.com/xuxueli/xxl-job v3.3.2 Authorization Bypassinformación

Títuloxuxueli https://github.com/xuxueli/xxl-job v3.3.2 Authorization Bypass
DescripciónAn Insecure Direct Object Reference (IDOR) vulnerability exists in xxl-job-admin/joblog/logDetailCat. Any authenticated user who can obtain or guess a valid logId can read execution log content belonging to job groups they are not authorized to access. Unlike the adjacent log detail page, the JSON log-reading endpoint does not enforce job-group authorization before returning log content. This leads to unauthorized disclosure of job execution logs, which may contain sensitive business parameters, internal network addresses, stack traces, operational metadata, and secrets written by jobs during execution.
Fuente⚠️ https://github.com/xuxueli/xxl-job/issues/3936
Usuario
 larlarua (UID 97278)
Sumisión2026-04-12 11:29 (hace 2 meses)
Moderación2026-04-28 13:45 (16 days later)
EstadoAceptado
Entrada de VulDB359959 [Xuxueli xxl-job hasta 3.3.2 Execution Log JobLogController.java logDetailCat logId escalada de privilegios]
Puntos20

AnteriorVisión De ConjuntoPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!