Skip to main content

Xxl Job CVE-2022-43183

HIGH
Server-Side Request Forgery (SSRF) (CWE-918)
2022-11-17 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 17, 2022 - 21:15 nvd
HIGH 8.8

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 63 maven packages depend on com.xuxueli:xxl-job-core (45 direct, 18 indirect)

Ecosystem-wide dependent count for version 2.4.0.

DescriptionNVD

XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java.

AnalysisAI

XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918), which allows attackers to make the server perform requests to unintended internal or external resources. XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java. Affected products include: Xuxueli Xxl-Job.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and allowlist destination URLs, block requests to internal networks, use network segmentation.

CVE-2024-3366 CRITICAL POC
9.8 Apr 06

A vulnerability classified as problematic was found in Xuxueli xxl-job up to 2.4.1. Rated critical severity (CVSS 9.8),

CVE-2022-40929 CRITICAL POC
9.8 Sep 28

XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. Rated critical severity (CVSS 9.8), this vulner

CVE-2023-33779 HIGH POC
8.8 May 26

A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another use

CVE-2024-42681 HIGH POC
8.8 Aug 15

Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Tas

CVE-2024-24113 HIGH POC
8.8 Feb 08

xxl-job =< 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability, which causes low-privileged users to control ex

CVE-2023-48089 HIGH POC
8.8 Nov 15

xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via /xxl-job-admin/jobcode/save. Rated high severity (C

CVE-2022-29002 HIGH POC
8.8 May 23

A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via

CVE-2023-27087 HIGH POC
7.5 Mar 21

Permissions vulnerabiltiy found in Xuxueli xxl-job v2.2.0, v 2.3.0 and v.2.3.1 allows attacker to obtain sensitive infor

CVE-2023-0674 MEDIUM POC
6.5 Feb 04

A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Rated medium severity (CVSS 6.5),

CVE-2023-26120 MEDIUM POC
6.1 Apr 10

This affects all versions of the package com.xuxueli:xxl-job. Rated medium severity (CVSS 6.1), this vulnerability is re

CVE-2020-29204 MEDIUM POC
6.1 Dec 27

XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/j

CVE-2020-23814 MEDIUM POC
6.1 Sep 03

Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web scr

Share

CVE-2022-43183 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy