Xuxueli xxl-job har 3.1.1 Jobs JobInfoController.java remove ID kura hakki ndiyam

GumtiTarihigandayajsonxmlCTI

Gaskiya vulnerability da aka ware a matsayin karshewa an samu a Xuxueli xxl-job har 3.1.1. Hakika, aikin remove ne ya shafa; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburaren $software_library, a cikin fayil /src/main/java/com/xxl/job/admin/controller/JobInfoController.java, a cikin sashen Jobs Handler. A sa manipulation of the argument ID ka kura hakki ndiyam. Idan an yi amfani da CWE don bayyana matsala, zai kai CWE-99. Hakika, rauni an bayyana shi 08/20/2025 kamar 3773. An raba bayanin tsaro don saukewa a github.com. Wannan matsala ana saninta da CVE-2025-9264. Ngam yiɗi ka a tuma ndiyam ka nder layi. Tekinikal faɗi ga. Har ila yau, exploit ɗin yana nan. An bayyana exploit ɗin ga mutane kuma yana iya amfani. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á sàmbu huɗɗi-na-gaskiya. Exploit ɗin za a iya saukewa daga github.com. 0-day shima, an ndiyam a wuro be $0-$5k. Once again VulDB remains the best source for vulnerability data.

4 Goyarwa · 99 Datenpunkte

Furɗe	Súgá 08/20/2025 16:22	Gargadi 1/3 08/21/2025 09:19	Gargadi 2/3 08/21/2025 12:44	Gargadi 3/3 09/11/2025 21:14
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_pr	L	L	L	L
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	N	N	N	N
cvss4_vuldb_vi	L	L	L	L
cvss4_vuldb_va	L	L	L	L
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	5.5	5.5	5.5	5.5
cvss2_vuldb_tempscore	4.7	4.7	4.7	4.7
cvss3_vuldb_basescore	5.4	5.4	5.4	5.4
cvss3_vuldb_tempscore	4.9	4.9	4.9	4.9
cvss3_meta_basescore	5.4	5.4	5.4	5.4
cvss3_meta_tempscore	4.9	5.1	5.1	5.2
cvss4_vuldb_bscore	5.3	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1	2.1
advisory_date	1755640800 (08/20/2025)	1755640800 (08/20/2025)	1755640800 (08/20/2025)	1755640800 (08/20/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
software_vendor	Xuxueli	Xuxueli	Xuxueli	Xuxueli
software_name	xxl-job	xxl-job	xxl-job	xxl-job
software_version	<=3.1.1	<=3.1.1	<=3.1.1	<=3.1.1
software_component	Jobs Handler	Jobs Handler	Jobs Handler	Jobs Handler
software_file	/src/main/java/com/xxl/job/admin/controller/JobInfoController.java	/src/main/java/com/xxl/job/admin/controller/JobInfoController.java	/src/main/java/com/xxl/job/admin/controller/JobInfoController.java	/src/main/java/com/xxl/job/admin/controller/JobInfoController.java
software_function	remove	remove	remove	remove
software_argument	id	id	id	id
vulnerability_cwe	CWE-99 (kura hakki ndiyam)	CWE-99 (kura hakki ndiyam)	CWE-99 (kura hakki ndiyam)	CWE-99 (kura hakki ndiyam)
vulnerability_risk	1	1	1	1
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	N	N	N	N
cvss3_vuldb_i	L	L	L	L
cvss3_vuldb_a	L	L	L	L
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_identifier	3773	3773	3773	3773
advisory_url	https://github.com/xuxueli/xxl-job/issues/3773	https://github.com/xuxueli/xxl-job/issues/3773	https://github.com/xuxueli/xxl-job/issues/3773	https://github.com/xuxueli/xxl-job/issues/3773
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/xuxueli/xxl-job/issues/3773#issue-3308389841	https://github.com/xuxueli/xxl-job/issues/3773#issue-3308389841	https://github.com/xuxueli/xxl-job/issues/3773#issue-3308389841	https://github.com/xuxueli/xxl-job/issues/3773#issue-3308389841
source_cve	CVE-2025-9264	CVE-2025-9264	CVE-2025-9264	CVE-2025-9264
cna_responsible	VulDB	VulDB	VulDB	VulDB
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	N	N	N	N
cvss2_vuldb_ii	P	P	P	P
cvss2_vuldb_ai	P	P	P	P
cve_nvd_summary		A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Performing manipulation of the argument ID results in improper control of resource identifiers. Remote exploitation of the attack is possible. The exploit has been made public and could be used.	A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Performing manipulation of the argument ID results in improper control of resource identifiers. Remote exploitation of the attack is possible. The exploit has been made public and could be used.	A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Performing manipulation of the argument ID results in improper control of resource identifiers. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
cvss4_cna_av		N	N	N
cvss4_cna_ac		L	L	L
cvss4_cna_at		N	N	N
cvss4_cna_pr		L	L	L
cvss4_cna_ui		N	N	N
cvss4_cna_vc		N	N	N
cvss4_cna_vi		L	L	L
cvss4_cna_va		L	L	L
cvss4_cna_sc		N	N	N
cvss4_cna_si		N	N	N
cvss4_cna_sa		N	N	N
cvss4_cna_bscore		5.3	5.3	5.3
cvss3_cna_av		N	N	N
cvss3_cna_ac		L	L	L
cvss3_cna_pr		L	L	L
cvss3_cna_ui		N	N	N
cvss3_cna_s		U	U	U
cvss3_cna_c		N	N	N
cvss3_cna_i		L	L	L
cvss3_cna_a		L	L	L
cvss3_cna_basescore		5.4	5.4	5.4
cvss2_cna_av		N	N	N
cvss2_cna_ac		L	L	L
cvss2_cna_au		S	S	S
cvss2_cna_ci		N	N	N
cvss2_cna_ii		P	P	P
cvss2_cna_ai		P	P	P
cvss2_cna_basescore		5.5	5.5	5.5
cve_nvd_summaryes			Se encontró una vulnerabilidad en Xuxueli xxl-job hasta la versión 3.1.1. Este problema afecta a la función "eliminar" del archivo /src/main/java/com/xxl/job/admin/controller/JobInfoController.java del componente Jobs Handler. La manipulación del ID del argumento da como resultado un control inadecuado de los identificadores de recursos. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado.	Se encontró una vulnerabilidad en Xuxueli xxl-job hasta la versión 3.1.1. Este problema afecta a la función "eliminar" del archivo /src/main/java/com/xxl/job/admin/controller/JobInfoController.java del componente Jobs Handler. La manipulación del ID del argumento da como resultado un control inadecuado de los identificadores de recursos. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado.
cvss3_nvd_av				N
cvss3_nvd_ac				L
cvss3_nvd_pr				L
cvss3_nvd_ui				N
cvss3_nvd_s				U
cvss3_nvd_c				N
cvss3_nvd_i				L
cvss3_nvd_a				L
cvss3_nvd_basescore				5.4

◂ Gurɗo Gumti Gada ▸

Do you need the next level of professionalism?

Upgrade your account now!