Submeter #803077: xuxueli https://github.com/xuxueli/xxl-job v3.3.2 Authorization Bypassinformação

Títuloxuxueli https://github.com/xuxueli/xxl-job v3.3.2 Authorization Bypass
DescriçãoThe admin-side OpenAPI entrypoint explicitly disables SSO login and relies solely on the XXL-JOB-ACCESS-TOKEN header for authorization. At the same time, the default configuration file sets the token to a fixed public value: default_token. Because the sample and default deployment flow does not force operators to replace this secret before exposing the service, the product can be deployed in an insecure state by default.
Fonte⚠️ https://github.com/xuxueli/xxl-job/issues/3938
Utilizador
 larlarua (UID 97278)
Submissão12/04/2026 11h32 (há 2 meses)
Moderação28/04/2026 13h45 (16 days later)
EstadoAceite
Entrada VulDB359961 [Xuxueli xxl-job até 3.3.2 OpenAPI Endpoint OpenApiController.java default_token Encriptação fraca]
Pontos20

VoltarVisão GeralPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!