Powerjob
CVE-2023-36106
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via appId parameter to /container/list.
AnalysisAI
An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via appId parameter to /container/list. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-284. An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via appId parameter to /container/list. Affected products include: Powerjob.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at
Powerjob >= 3.20 is vulnerable to SQL injection via the version parameter. Rated critical severity (CVSS 9.8), this vuln
PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution. Rated critical severity
PowerJob V4.3.2 has unauthorized interface that causes remote code execution. Rated critical severity (CVSS 9.8), this v
PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface. Rated medium severity (CVS
PowerJob V4.3.1 is vulnerable to Insecure Permissions. Rated medium severity (CVSS 5.3), this vulnerability is remotely
PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface. Rated medium severity (CVSS 5.3)
Remote code injection in PowerJob 5.1.0, 5.1.1, and 5.1.2 allows unauthenticated attackers to execute arbitrary code via
Server-side request forgery in PowerJob up to version 5.1.2 allows authenticated remote attackers to manipulate the targ
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today