Description
xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java.
Remediation
References
https://www.ccsq8.com/issues.html
Related Vulnerabilities
CVE-2019-17566 Vulnerability in maven package org.apache.xmlgraphics:batik-transcoder
CVE-2019-15658 Vulnerability in npm package connect-pg-simple
CVE-2020-13934 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2020-10800 Vulnerability in npm package lix
CVE-2018-20222 Vulnerability in maven package org.airsonic.player:airsonic-main