Description
A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add.
Remediation
References
https://github.com/xuxueli/xxl-job/issues/2821
Related Vulnerabilities
CVE-2021-3644 Vulnerability in maven package org.wildfly.core:wildfly-controller
CVE-2023-27479 Vulnerability in maven package org.xwiki.platform:xwiki-platform-panels-ui
CVE-2022-25921 Vulnerability in npm package morgan-json
CVE-2020-13934 Vulnerability in maven package org.apache.tomcat:tomcat-coyote