Submit #631704: xuxueli xxl-job ≤ 3.1.1 IDORinfo

Title	xuxueli xxl-job ≤ 3.1.1 IDOR
Description	In xxl-job versions up to 3.1.1, an Insecure Direct Object Reference (IDOR) vulnerability in /xxl-job-admin/joblog/getJobsByGroup allows authenticated but unauthorized users to access job logs from all groups, resulting in information disclosure.
Source	⚠️ https://github.com/xuxueli/xxl-job/issues/3772
User	ez-lbz (UID 87033)
Submission	08/11/2025 05:31 (9 months ago)
Moderation	08/20/2025 16:17 (9 days later)
Status	Accepted
VulDB entry	320805 [Xuxueli xxl-job up to 3.1.1 JobLogController.java getJobsByGroup jobGroup resource injection]
Points	16

Do you know our Splunk app?

Download it now for free!