CVE-2023-0674

Name of the Vulnerable Software and Affected Versions XXL-JOB version 2.3.1

Description A vulnerability has been found in the New Password Handler component, specifically affecting some unknown functionality of the file /user/updatePwd. This issue leads to cross-site request forgery and can be exploited remotely. The exploit has been disclosed to the public.

Recommendations For XXL-JOB version 2.3.1, consider disabling the /user/updatePwd endpoint until a patch is available to prevent cross-site request forgery attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.