Description
xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java.
Remediation
References
https://www.ccsq8.com/issues.html
Related Vulnerabilities
CVE-2018-20094 Vulnerability in maven package com.xuxueli:xxl-conf
CVE-2021-43803 Vulnerability in npm package next
CVE-2020-7647 Vulnerability in maven package io.jooby:jooby
CVE-2018-17785 Vulnerability in maven package cc.blynk.server.api.core:http-core
CVE-2018-18853 Vulnerability in maven package io.spray:spray-json_2.11