CVE-2023-33779

Name of the Vulnerable Software and Affected Versions XXL-Job version 2.4.1

Description A lateral privilege escalation issue allows users to execute arbitrary commands on another user's account via a crafted POST request to the "/jobinfo/" API endpoint.

Recommendations For XXL-Job version 2.4.1, consider restricting access to the /jobinfo/ API endpoint until a patch is available. As a temporary workaround, limit the ability to execute commands on other users' accounts to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.