Powerjob
CVE-2023-29923
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface.
AnalysisAI
PowerJob V4.3.1 is vulnerable to Insecure Permissions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Incorrect Default Permissions (CWE-276), which allows attackers to access resources due to overly permissive default settings. PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. Affected products include: Powerjob.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Set restrictive default permissions, follow principle of least privilege, review defaults during deployment.
PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at
Powerjob >= 3.20 is vulnerable to SQL injection via the version parameter. Rated critical severity (CVSS 9.8), this vuln
PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution. Rated critical severity
PowerJob V4.3.2 has unauthorized interface that causes remote code execution. Rated critical severity (CVSS 9.8), this v
PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface. Rated medium severity (CVS
PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface. Rated medium severity (CVSS 5.3)
An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive info
Remote code injection in PowerJob 5.1.0, 5.1.1, and 5.1.2 allows unauthenticated attackers to execute arbitrary code via
Server-side request forgery in PowerJob up to version 5.1.2 allows authenticated remote attackers to manipulate the targ
Same weakness CWE-276 – Incorrect Default Permissions
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today