The vulnerability stems from the absence of old-password verification in the password update flow. The patch added a critical check that compares the submitted `oldPassword` with the stored password (via `Objects.equals(req.getOldPassword(), appInfoDO.getPassword())`). In the vulnerable version, the `saveAppInfo()` function in `AppInfoController.java` processed modification requests without this authentication step, allowing unauthorized password changes by ID manipulation. The attack vector (the `/appinfo/save` endpoint) maps directly to the code patched in this function, which confirms it as the vulnerable function.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.github.kfcfans:powerjob | maven | < 3.3.3 | 3.3.3 |
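
The missing check and its fix, shown side by side as an added example; this is a simplified model and not PowerJob's own code. `SaveRequest`, `STORE` and the in-memory records are hypothetical stand-ins for the request object and persistence layer, and only the `Objects.equals` comparison is taken from the description above.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;

// Simplified model of the flaw, not PowerJob source. SaveRequest, STORE and the
// in-memory layout are hypothetical; only the Objects.equals check is from the page.
public class AppInfoSaveDemo {
    static class AppInfoDO {
        String password;
        AppInfoDO(String password) { this.password = password; }
        String getPassword() { return password; }
    }

    static class SaveRequest {
        final Long id; final String oldPassword; final String password;
        SaveRequest(Long id, String oldPassword, String password) {
            this.id = id; this.oldPassword = oldPassword; this.password = password;
        }
        String getOldPassword() { return oldPassword; }
    }

    static final Map<Long, AppInfoDO> STORE = new HashMap<>();

    // Before the fix: the record is selected by the caller-supplied id and
    // overwritten without proof that the caller knows the current password.
    static boolean saveVulnerable(SaveRequest req) {
        AppInfoDO appInfoDO = STORE.get(req.id);
        if (appInfoDO == null) return false;
        appInfoDO.password = req.password;
        return true;
    }

    // After the fix: the update is refused unless oldPassword matches the stored
    // value. Objects.equals is null-safe, so an omitted oldPassword does not throw.
    static boolean savePatched(SaveRequest req) {
        AppInfoDO appInfoDO = STORE.get(req.id);
        if (appInfoDO == null) return false;
        if (!Objects.equals(req.getOldPassword(), appInfoDO.getPassword())) return false;
        appInfoDO.password = req.password;
        return true;
    }

    public static void main(String[] args) {
        STORE.put(1L, new AppInfoDO("original")); // constructed sample record
        SaveRequest noProof = new SaveRequest(1L, null, "changed");
        System.out.println("patched, oldPassword missing: " + savePatched(noProof));
        System.out.println("patched, oldPassword correct: " + savePatched(new SaveRequest(1L, "original", "rotated")));
        System.out.println("vulnerable, oldPassword missing: " + saveVulnerable(noProof));
    }
}
```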