Description
A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add.
Remediation
References
https://github.com/xuxueli/xxl-job/issues/2821
Related Vulnerabilities
CVE-2020-11002 Vulnerability in maven package io.dropwizard:dropwizard-validation
CVE-2021-21695 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-46496 Vulnerability in npm package @evershop/evershop
CVE-2022-40955 Vulnerability in maven package org.apache.inlong:sort-connector-base