Xuxueli xxl-job ଯେପର୍ଯ୍ୟନ୍ତ 3.1.1 Jobs JobInfoController.java remove ID ବିସ୍ତାରିତ ଅଧିକାର

ଏଣ୍ଟ୍ରିଇତିହାସମିଶ୍ରଣ କରନ୍ତୁjsonxmlCTI

Dogoggorri kan akka ସମସ୍ୟାଜନକ jedhamuun ramadame Xuxueli xxl-job ଯେପର୍ଯ୍ୟନ୍ତ 3.1.1 keessatti argameera. Miidhaan irra gahe is hojii remove faayilii /src/main/java/com/xxl/job/admin/controller/JobInfoController.java keessa kutaa Jobs Handler keessa. Dhugumatti jijjiirraa irratti raawwatame ID gara ବିସ୍ତାରିତ ଅଧିକାର geessa. Waliigalteewwan CWE fayyadamuun rakkoo ibsuun gara CWE-99 si geessa. Beekumsi kun yeroo 08/20/2025 ifoomsifameera akka 3773. Odeeffannoon kun buufachuuf github.com irratti dhiyaateera. Dogoggorri kun maqaa CVE-2025-9264 jedhuun tajaajilama. Weerara fageenya irraa jalqabuun ni danda'ama. Odeeffannoon teeknikaa ni argama. Akka dabalataan, meeshaa balaa kana fayyadamuuf argama. Qorannoo miidhaa (exploit) beeksifamee jira, namoonni itti fayyadamuu danda'u. Yeroo ammaa, gatii exploit might be approx. USD $0-$5k beekamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee murtaa’eera. Exploit kana github.com irraa buufachuu ni dandeessa. Waggaa 0-day ta'ee, gatiin isaa daldala dhoksaa keessatti $0-$5k jedhamee tilmaamame. Once again VulDB remains the best source for vulnerability data.

4 ଆଡାପ୍ଟେସନ୍ · 99 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 08/20/2025 04:22 PM	ଅଦ୍ୟତନ 1/3 08/21/2025 09:19 AM	ଅଦ୍ୟତନ 2/3 08/21/2025 12:44 PM	ଅଦ୍ୟତନ 3/3 09/11/2025 09:14 PM
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_pr	L	L	L	L
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	N	N	N	N
cvss4_vuldb_vi	L	L	L	L
cvss4_vuldb_va	L	L	L	L
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	5.5	5.5	5.5	5.5
cvss2_vuldb_tempscore	4.7	4.7	4.7	4.7
cvss3_vuldb_basescore	5.4	5.4	5.4	5.4
cvss3_vuldb_tempscore	4.9	4.9	4.9	4.9
cvss3_meta_basescore	5.4	5.4	5.4	5.4
cvss3_meta_tempscore	4.9	5.1	5.1	5.2
cvss4_vuldb_bscore	5.3	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1	2.1
advisory_date	1755640800 (08/20/2025)	1755640800 (08/20/2025)	1755640800 (08/20/2025)	1755640800 (08/20/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
software_vendor	Xuxueli	Xuxueli	Xuxueli	Xuxueli
software_name	xxl-job	xxl-job	xxl-job	xxl-job
software_version	<=3.1.1	<=3.1.1	<=3.1.1	<=3.1.1
software_component	Jobs Handler	Jobs Handler	Jobs Handler	Jobs Handler
software_file	/src/main/java/com/xxl/job/admin/controller/JobInfoController.java	/src/main/java/com/xxl/job/admin/controller/JobInfoController.java	/src/main/java/com/xxl/job/admin/controller/JobInfoController.java	/src/main/java/com/xxl/job/admin/controller/JobInfoController.java
software_function	remove	remove	remove	remove
software_argument	id	id	id	id
vulnerability_cwe	CWE-99 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-99 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-99 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-99 (ବିସ୍ତାରିତ ଅଧିକାର)
vulnerability_risk	1	1	1	1
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	N	N	N	N
cvss3_vuldb_i	L	L	L	L
cvss3_vuldb_a	L	L	L	L
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_identifier	3773	3773	3773	3773
advisory_url	https://github.com/xuxueli/xxl-job/issues/3773	https://github.com/xuxueli/xxl-job/issues/3773	https://github.com/xuxueli/xxl-job/issues/3773	https://github.com/xuxueli/xxl-job/issues/3773
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/xuxueli/xxl-job/issues/3773#issue-3308389841	https://github.com/xuxueli/xxl-job/issues/3773#issue-3308389841	https://github.com/xuxueli/xxl-job/issues/3773#issue-3308389841	https://github.com/xuxueli/xxl-job/issues/3773#issue-3308389841
source_cve	CVE-2025-9264	CVE-2025-9264	CVE-2025-9264	CVE-2025-9264
cna_responsible	VulDB	VulDB	VulDB	VulDB
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	N	N	N	N
cvss2_vuldb_ii	P	P	P	P
cvss2_vuldb_ai	P	P	P	P
cve_nvd_summary		A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Performing manipulation of the argument ID results in improper control of resource identifiers. Remote exploitation of the attack is possible. The exploit has been made public and could be used.	A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Performing manipulation of the argument ID results in improper control of resource identifiers. Remote exploitation of the attack is possible. The exploit has been made public and could be used.	A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Performing manipulation of the argument ID results in improper control of resource identifiers. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
cvss4_cna_av		N	N	N
cvss4_cna_ac		L	L	L
cvss4_cna_at		N	N	N
cvss4_cna_pr		L	L	L
cvss4_cna_ui		N	N	N
cvss4_cna_vc		N	N	N
cvss4_cna_vi		L	L	L
cvss4_cna_va		L	L	L
cvss4_cna_sc		N	N	N
cvss4_cna_si		N	N	N
cvss4_cna_sa		N	N	N
cvss4_cna_bscore		5.3	5.3	5.3
cvss3_cna_av		N	N	N
cvss3_cna_ac		L	L	L
cvss3_cna_pr		L	L	L
cvss3_cna_ui		N	N	N
cvss3_cna_s		U	U	U
cvss3_cna_c		N	N	N
cvss3_cna_i		L	L	L
cvss3_cna_a		L	L	L
cvss3_cna_basescore		5.4	5.4	5.4
cvss2_cna_av		N	N	N
cvss2_cna_ac		L	L	L
cvss2_cna_au		S	S	S
cvss2_cna_ci		N	N	N
cvss2_cna_ii		P	P	P
cvss2_cna_ai		P	P	P
cvss2_cna_basescore		5.5	5.5	5.5
cve_nvd_summaryes			Se encontró una vulnerabilidad en Xuxueli xxl-job hasta la versión 3.1.1. Este problema afecta a la función "eliminar" del archivo /src/main/java/com/xxl/job/admin/controller/JobInfoController.java del componente Jobs Handler. La manipulación del ID del argumento da como resultado un control inadecuado de los identificadores de recursos. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado.	Se encontró una vulnerabilidad en Xuxueli xxl-job hasta la versión 3.1.1. Este problema afecta a la función "eliminar" del archivo /src/main/java/com/xxl/job/admin/controller/JobInfoController.java del componente Jobs Handler. La manipulación del ID del argumento da como resultado un control inadecuado de los identificadores de recursos. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado.
cvss3_nvd_av				N
cvss3_nvd_ac				L
cvss3_nvd_pr				L
cvss3_nvd_ui				N
cvss3_nvd_s				U
cvss3_nvd_c				N
cvss3_nvd_i				L
cvss3_nvd_a				L
cvss3_nvd_basescore				5.4

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Might our Artificial Intelligence support you?

Check our Alexa App!