xxl-job-admin v2.3.0 has a CSRF vulnerability, which can be used to create an administrator account, modify password, perform task scheduling and other operations
#2821
Open
hanjianfei1 opened this issue
Apr 8, 2022
· 0 comments
/gaia-job-admin/user/add is an interface for adding users and giving users permissions. This interface has a CSRF vulnerability.
POC:
<script>history.pushState('', '', '/')</script>
After clicking, the administrator role has been added
hanjianfei1 changed the title from "xxl-job-admin v2.3.0 CSRF Vulnerabilities Combination to Create Administrator, Modify password, perform task scheduling and other operations" to "xxl-job-admin v2.3.0 has a CSRF vulnerability, which can be used to create an administrator account, modify password, perform task scheduling and other operations" on Apr 8, 2022
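A defender-side check for the issue reported above, as an added example that is not part of the original issue or of xxl-job's own code: a servlet filter that rejects state-changing requests whose Origin (or, failing that, Referer) is not the admin console's own origin. The class name and the allowed-origin value are hypothetical, and the example assumes Servlet 4.0 (`javax.servlet`) and that endpoints such as the user-add interface accept only non-GET methods.

```java
import java.io.IOException;
import java.net.URI;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter (not xxl-job code): blocks cross-site state-changing requests. */
public class SameOriginFilter implements Filter {
    // Methods that must never change state, so they are let through unchecked.
    private static final Set<String> SAFE = new HashSet<>(Arrays.asList("GET", "HEAD", "OPTIONS"));
    // Assumption: the origin the admin console is served from (placeholder value).
    private final Set<String> allowed = new HashSet<>(Arrays.asList("https://jobs.example.internal"));

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        if (!SAFE.contains(request.getMethod()) && !isSameOrigin(request)) {
            // A forged form post from another site carries that site's Origin/Referer.
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN,
                    "cross-site request rejected");
            return;
        }
        chain.doFilter(req, res);
    }

    boolean isSameOrigin(HttpServletRequest request) {
        String source = request.getHeader("Origin");
        // "null" is sent by sandboxed or redirected contexts; fall back to Referer.
        if (source == null || source.isEmpty() || "null".equals(source)) {
            source = request.getHeader("Referer");
        }
        String origin = originOf(source);
        // Fail closed: a request with neither header is rejected.
        return origin != null && allowed.contains(origin);
    }

    /** Reduces a URL or Origin value to scheme://host[:port], or null if unparsable. */
    static String originOf(String url) {
        if (url == null) return null;
        try {
            URI u = URI.create(url.trim());
            if (u.getScheme() == null || u.getHost() == null) return null;
            String o = u.getScheme().toLowerCase() + "://" + u.getHost().toLowerCase();
            return u.getPort() == -1 ? o : o + ":" + u.getPort();
        } catch (IllegalArgumentException e) {
            return null;
        }
    }
}
```

An origin check like this complements, rather than replaces, a per-session anti-CSRF token and `SameSite` cookies on the login cookie.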