PT-2024-30107 · Xxl-Job · Xxl-Job
Skyblue955 · Published 2024-08-15 · Updated 2024-08-19 · CVE-2024-42681
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
xxl-job version 2.4.1
Description
The issue allows a remote attacker to execute arbitrary code via the Sub-Task ID component due to insecure permissions.
Recommendations
For xxl-job version 2.4.1, consider disabling the Sub-Task ID component until a patch is available to prevent remote code execution.
Exploit
Fix
Improper Preservation of Permissions
Incorrect Default Permissions
Related Identifiers
Affected Products
Xxl-Job