Xuxueli xxl-job ଯେପର୍ଯ୍ୟନ୍ତ 3.1.1 JobLogController.java getJobsByGroup jobGroup ବିସ୍ତାରିତ ଅଧିକାର

ଏଣ୍ଟ୍ରିଇତିହାସମିଶ୍ରଣ କରନ୍ତୁjsonxmlCTI

Rakkoon nageenyaa kan ସମସ୍ୟାଜନକ jedhamuun beekamu Xuxueli xxl-job ଯେପର୍ଯ୍ୟନ୍ତ 3.1.1 keessatti argameera. Kan miidhamte is hojii getJobsByGroup faayilii /src/main/java/com/xxl/job/admin/controller/JobLogController.java keessa. Hojii jijjiirraa irratti gaggeeffame jobGroup gara ବିସ୍ତାରିତ ଅଧିକାର geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-99 geessa. Dadhabbii kana yeroo 08/20/2025 maxxanfameera akka 3772. Odeeffannoon kun buufachuuf github.com irratti qoodameera. Dogoggorri kun akka CVE-2025-9263tti beekama. Yaaliin weeraraa fageenya irraa jalqabamuu ni danda'a. Faayidaaleen teeknikaa ni jiru. Waliigalatti, meeshaa balaa kana fayyadamuuf jiru. Qorannoo miidhaa (exploit) uummataaf ifoomameera fi fayyadamamuu danda'a. Amma, gatii ammee exploit might be approx. USD $0-$5k ta'uu danda'a. Akka ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee ibsameera. Carraa exploit kana github.com irraa buufachuun ni danda'ama. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $0-$5k ta'ee ture. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

3 ଆଡାପ୍ଟେସନ୍ · 88 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 08/20/2025 04:22 PM	ଅଦ୍ୟତନ 1/2 08/21/2025 09:19 AM	ଅଦ୍ୟତନ 2/2 08/21/2025 12:44 PM
software_vendor	Xuxueli	Xuxueli	Xuxueli
software_name	xxl-job	xxl-job	xxl-job
software_version	<=3.1.1	<=3.1.1	<=3.1.1
software_file	/src/main/java/com/xxl/job/admin/controller/JobLogController.java	/src/main/java/com/xxl/job/admin/controller/JobLogController.java	/src/main/java/com/xxl/job/admin/controller/JobLogController.java
software_function	getJobsByGroup	getJobsByGroup	getJobsByGroup
software_argument	jobGroup	jobGroup	jobGroup
vulnerability_cwe	CWE-99 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-99 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-99 (ବିସ୍ତାରିତ ଅଧିକାର)
vulnerability_risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	N	N	N
cvss3_vuldb_a	N	N	N
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_identifier	3772	3772	3772
advisory_url	https://github.com/xuxueli/xxl-job/issues/3772	https://github.com/xuxueli/xxl-job/issues/3772	https://github.com/xuxueli/xxl-job/issues/3772
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://github.com/xuxueli/xxl-job/issues/3772#issue-3308329205	https://github.com/xuxueli/xxl-job/issues/3772#issue-3308329205	https://github.com/xuxueli/xxl-job/issues/3772#issue-3308329205
source_cve	CVE-2025-9263	CVE-2025-9263	CVE-2025-9263
cna_responsible	VulDB	VulDB	VulDB
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	N	N	N
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_pr	L	L	L
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	L	L	L
cvss4_vuldb_vi	N	N	N
cvss4_vuldb_va	N	N	N
cvss4_vuldb_e	P	P	P
cvss2_vuldb_au	S	S	S
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	4.0	4.0	4.0
cvss2_vuldb_tempscore	3.4	3.4	3.4
cvss3_vuldb_basescore	4.3	4.3	4.3
cvss3_vuldb_tempscore	3.9	3.9	3.9
cvss3_meta_basescore	4.3	4.3	4.3
cvss3_meta_tempscore	3.9	4.1	4.1
cvss4_vuldb_bscore	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1
advisory_date	1755640800 (08/20/2025)	1755640800 (08/20/2025)	1755640800 (08/20/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability has been found in Xuxueli xxl-job up to 3.1.1. Affected by this vulnerability is the function getJobsByGroup of the file /src/main/java/com/xxl/job/admin/controller/JobLogController.java. Such manipulation of the argument jobGroup leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.	A vulnerability has been found in Xuxueli xxl-job up to 3.1.1. Affected by this vulnerability is the function getJobsByGroup of the file /src/main/java/com/xxl/job/admin/controller/JobLogController.java. Such manipulation of the argument jobGroup leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av		N	N
cvss4_cna_ac		L	L
cvss4_cna_at		N	N
cvss4_cna_pr		L	L
cvss4_cna_ui		N	N
cvss4_cna_vc		L	L
cvss4_cna_vi		N	N
cvss4_cna_va		N	N
cvss4_cna_sc		N	N
cvss4_cna_si		N	N
cvss4_cna_sa		N	N
cvss4_cna_bscore		5.3	5.3
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		L	L
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		L	L
cvss3_cna_i		N	N
cvss3_cna_a		N	N
cvss3_cna_basescore		4.3	4.3
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		S	S
cvss2_cna_ci		P	P
cvss2_cna_ii		N	N
cvss2_cna_ai		N	N
cvss2_cna_basescore		4	4
cve_nvd_summaryes			Se ha detectado una vulnerabilidad en Xuxueli xxl-job hasta la versión 3.1.1. Esta vulnerabilidad afecta a la función getJobsByGroup del archivo /src/main/java/com/xxl/job/admin/controller/JobLogController.java. Esta manipulación del argumento jobGroup conlleva un control indebido de los identificadores de recursos. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado.

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Interested in the pricing of exploits?

See the underground prices here!