Xxl-Job · Xxl-Job · CVE-2022-29002
**Name of the Vulnerable Software and Affected Versions**
XXL-Job version 2.3.0
**Description**
A Cross-Site Request Forgery (CSRF) issue allows attackers to create administrator accounts via the "/gaia-job-admin/user/add" API endpoint. This enables attackers to gain unauthorized access to the system.
**Recommendations**
For XXL-Job version 2.3.0, consider disabling access to the "/gaia-job-admin/user/add" API endpoint to prevent exploitation of the CSRF issue until a patch is available.
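
While the endpoint remains reachable, reverse-proxy access logs can be reviewed for requests to it that did not originate from the admin console. The following is an added example, not part of the original advisory or of XXL-Job; it assumes Combined Log Format and a hypothetical admin hostname `jobs.example.internal`, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit

ENDPOINT = "/gaia-job-admin/user/add"      # path named in the advisory
ADMIN_HOSTS = {"jobs.example.internal"}    # assumption: host(s) serving the admin UI

# Combined Log Format: ip - user [time] "METHOD target proto" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

def _parse(url):
    try:
        return urlsplit(url)
    except ValueError:          # malformed value, e.g. unbalanced "[" in the host
        return None

def classify(line):
    """Return None for unrelated lines, else a finding for a request to ENDPOINT."""
    m = LINE_RE.match(line)
    target = _parse(m["target"]) if m else None
    if target is None or target.path.rstrip("/") != ENDPOINT:
        return None
    ref = _parse(m["referer"])
    ref_host = ref.hostname if ref is not None else None   # None for "-" or non-URLs
    if ref_host is None:
        reason = "no-usable-referer"     # review manually: some clients strip Referer
    elif ref_host not in ADMIN_HOSTS:
        reason = "cross-site-referer"    # request was triggered from another site
    else:
        reason = "same-site"
    return {"time": m["time"], "ip": m["ip"], "method": m["method"],
            "status": int(m["status"]), "referer_host": ref_host,
            "reason": reason, "suspicious": reason != "same-site"}

def suspicious_requests(lines):
    """Findings for ENDPOINT requests that did not come from the admin UI."""
    return [f for f in map(classify, lines) if f and f["suspicious"]]

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [12/May/2022:10:01:02 +0000] "POST /gaia-job-admin/user/add HTTP/1.1" 200 41 "https://jobs.example.internal/gaia-job-admin/user" "Mozilla/5.0"',
    '10.0.0.7 - - [12/May/2022:10:03:40 +0000] "POST /gaia-job-admin/user/add HTTP/1.1" 200 41 "https://unrelated.example.net/page.html" "Mozilla/5.0"',
    '10.0.0.7 - - [12/May/2022:10:04:11 +0000] "POST /gaia-job-admin/user/add HTTP/1.1" 200 41 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [12/May/2022:10:05:00 +0000] "GET /gaia-job-admin/jobinfo HTTP/1.1" 200 512 "https://jobs.example.internal/gaia-job-admin/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

A finding with a 2xx status and a cross-site Referer is worth correlating with the user table to confirm whether an account was actually created at that time.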