CVE-2020-24922

Name of the Vulnerable Software and Affected Versions xuxueli xxl-job version 2.2.0

Description The issue is a Cross Site Request Forgery (CSRF) vulnerability in the xxl-job-admin/user/add endpoint, which allows remote attackers to execute arbitrary code and escalate privileges via a crafted .html file. This vulnerability enables attackers to perform unauthorized actions on the affected system.

Recommendations For version 2.2.0, consider disabling access to the xxl-job-admin/user/add endpoint until a patch is available. As a temporary workaround, restrict the use of this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.