CVE-2023-48087

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Nov 15, 2023

Updated: Nov 21, 2023

CWE ID 732

Summary

CVE-2023-48087: The xxl-job-admin 2.4.0 application contains a vulnerability related to Insecure Permissions. Attackers can exploit this issue by accessing the /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat endpoints without proper authorization. Successful exploitation could result in unintended data modification or deletion, posing a significant risk to system integrity. It is recommended that users upgrade to a patched version of xxl-job-admin to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tYo2nw
https://www.cve.org/CVERecord?id=CVE-2023-48087
https://nvd.nist.gov/vuln/detail/CVE-2023-48087

Back to Vulnerability Database

CVE-2023-48087

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations