Description
An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via appId parameter to /container/list.
Remediation
References
https://gist.github.com/tztdsb/a653b6db328199ec0f55e54b4e466415#file-gistfile1-txt
https://gitee.com/KFCFans/PowerJob
Related Vulnerabilities
CVE-2021-23664 Vulnerability in npm package @isomorphic-git/cors-proxy
CVE-2018-11776 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2013-6430 Vulnerability in maven package org.springframework:spring-web
CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-parent
CVE-2017-11556 Vulnerability in maven package org.webjars.npm:node-sass