Description
A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add.
Remediation
References
https://github.com/xuxueli/xxl-job/issues/2821
Related Vulnerabilities
CVE-2021-39234 Vulnerability in maven package org.apache.ozone:ozone-common
CVE-2020-11020 Vulnerability in npm package faye
CVE-2018-1002203 Vulnerability in maven package org.webjars.npm:unzipper
CVE-2010-5312 Vulnerability in maven package org.webjars:jquery-ui
CVE-2023-43642 Vulnerability in maven package org.xerial.snappy:snappy-java