Description
xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java.
Remediation
References
https://www.ccsq8.com/issues.html
Related Vulnerabilities
CVE-2021-4278 Vulnerability in npm package tree-kit
CVE-2019-15599 Vulnerability in npm package treekill
CVE-2020-5428 Vulnerability in maven package org.springframework.cloud:spring-cloud-task-core
CVE-2018-11798 Vulnerability in maven package org.webjars.npm:thrift
CVE-2018-1131 Vulnerability in maven package org.infinispan:infinispan-core