Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1Blast Radius
ecosystem impact- 20 maven packages depend on tech.powerjob:powerjob-common (12 direct, 8 indirect)
Ecosystem-wide dependent count for version 4.3.3.
DescriptionNVD
PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail.
AnalysisAI
PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail. Affected products include: Powerjob.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Powerjob >= 3.20 is vulnerable to SQL injection via the version parameter. Rated critical severity (CVSS 9.8), this vuln
PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution. Rated critical severity
PowerJob V4.3.2 has unauthorized interface that causes remote code execution. Rated critical severity (CVSS 9.8), this v
PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface. Rated medium severity (CVS
PowerJob V4.3.1 is vulnerable to Insecure Permissions. Rated medium severity (CVSS 5.3), this vulnerability is remotely
PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface. Rated medium severity (CVSS 5.3)
An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive info
Remote code injection in PowerJob 5.1.0, 5.1.1, and 5.1.2 allows unauthenticated attackers to execute arbitrary code via
Server-side request forgery in PowerJob up to version 5.1.2 allows authenticated remote attackers to manipulate the targ
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today