Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

xxl-job-admin v2.3.0 has a CSRF vulnerability, which can be used to create an administrator account、Modify password, perform task scheduling and other operations #2821

Open
hanjianfei1 opened this issue Apr 8, 2022 · 0 comments

Comments

@hanjianfei1
Copy link

hanjianfei1 commented Apr 8, 2022

/gaia-job-admin/user/add is an interface for adding users and giving users permissions. This interface has CSRF vulnerability
POC:

<script>history.pushState('', '', '/')</script> After clicking, the administrator role has been added

record

@hanjianfei1 hanjianfei1 changed the title xxl-job-admin v2.3.0 CSRF Vulnerabilities Combination to Create Administrator、Modify password, perform task scheduling and other operations xxl-job-admin v2.3.0 has a CSRF vulnerability, which can be used to create an administrator account、Modify password, perform task scheduling and other operations Apr 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant