Enviar #803077: xuxueli https://github.com/xuxueli/xxl-job v3.3.2 Authorization Bypassinformación

Títuloxuxueli https://github.com/xuxueli/xxl-job v3.3.2 Authorization Bypass
DescripciónThe admin-side OpenAPI entrypoint explicitly disables SSO login and relies solely on the XXL-JOB-ACCESS-TOKEN header for authorization. At the same time, the default configuration file sets the token to a fixed public value: default_token. Because the sample and default deployment flow does not force operators to replace this secret before exposing the service, the product can be deployed in an insecure state by default.
Fuente⚠️ https://github.com/xuxueli/xxl-job/issues/3938
Usuario
 larlarua (UID 97278)
Sumisión2026-04-12 11:32 (hace 2 meses)
Moderación2026-04-28 13:45 (16 days later)
EstadoAceptado
Entrada de VulDB359961 [Xuxueli xxl-job hasta 3.3.2 OpenAPI Endpoint OpenApiController.java default_token cifrado débil]
Puntos20

AnteriorVisión De ConjuntoPróximo

Do you need the next level of professionalism?

Upgrade your account now!