Submission #803075: xuxueli https://github.com/xuxueli/xxl-job v3.3.2 Authorization Bypass Info

Title: xuxueli https://github.com/xuxueli/xxl-job v3.3.2 Authorization Bypass
Description: An Insecure Direct Object Reference (IDOR) vulnerability exists in xxl-job-admin/joblog/logDetailCat. Any authenticated user who can obtain or guess a valid logId can read execution log content belonging to job groups they are not authorized to access. Unlike the adjacent log detail page, the JSON log-reading endpoint does not enforce job-group authorization before returning log content. This leads to unauthorized disclosure of job execution logs, which may contain sensitive business parameters, internal network addresses, stack traces, operational metadata, and secrets written by jobs during execution.
Source: https://github.com/xuxueli/xxl-job/issues/3936
User: larlarua (UID 97278)
Submitted: 2026-04-12 11:29 AM (2 months ago)
Moderated: 2026-04-28 01:45 PM (16 days later)
Status: Accepted
VulDB entry: 359959 [Xuxueli xxl-job up to 3.3.2 Execution Log JobLogController.java logDetailCat logId privilege escalation]
Points: 20