Description
An issue was discovered in PowerJob through 3.2.2, allows attackers to change arbitrary user passwords via the id parameter to /appinfo/save.
Remediation
References
https://github.com/KFCFans/PowerJob/issues/99
Related Vulnerabilities
CVE-2021-25329 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2021-44906 Vulnerability in maven package org.webjars.bowergithub.substack:minimist
CVE-2020-36649 Vulnerability in npm package papaparse
CVE-2021-23447 Vulnerability in npm package teddy
CVE-2018-1307 Vulnerability in maven package org.apache.juddi:juddi-client