CVE-2023-36106 tech.powerjob:powerjob

Package

Manager: maven
Name: tech.powerjob:powerjob
Vulnerable Version: >=0 <=4.3.2

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00123 (percentile: 0.32193)

Details

PowerJob incorrect access control vulnerability

An incorrect access control vulnerability in PowerJob 4.3.2 and earlier allows remote attackers to obtain sensitive information by querying the `/container/list` interface with the `appId` parameter.

Metadata

Created: 2023-08-17T21:30:53Z
Modified: 2023-08-23T20:06:51Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-443m-3fr6-w8wj/GHSA-443m-3fr6-w8wj.json
CWE IDs: ["CWE-284"]
Alternative ID: GHSA-443m-3fr6-w8wj
Finding: F039
Auto approve: 1