Lucene search
GoogleOSV:GHSA-443M-3FR6-W8WJHistoryAug 17, 2023 - 9:30 p.m.
PowerJob incorrect access control vulnerability
2023-08-1721:30:53
Google
osv.dev
5
access control
powerjob
remote attackers
sensitive information
query interface
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
42.3%
An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via appId parameter to /container/list.
Related
cve
cve
CVE-2023-36106
2023-08-17 20:15:10
cvelist
cvelist
CVE-2023-36106
2023-08-17 00:00:00
veracode
veracode
Information Disclosure
2023-08-22 05:16:13
prion
prion
Improper access control
2023-08-17 20:15:00
nvd
nvd
CVE-2023-36106
2023-08-17 20:15:10
github
github
PowerJob incorrect access control vulnerability
2023-08-17 21:30:53
osv
osv
CVE-2023-36106
2023-08-17 20:15:10
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
42.3%
Related for OSV:GHSA-443M-3FR6-W8WJ