The vulnerability stems from the /jobcode/save endpoint, which handles job code modifications. The reproduction steps show that unprivileged users can modify executable code directly (via the glueSource parameter) through this endpoint. Because the save function does not properly validate the caller's privileges, an attacker can inject code that is executed when the job runs, which results in remote code execution. Exact implementation details are not available, but the endpoint mapping and parameter-handling patterns typical of Java web applications strongly suggest the flaw resides in the controller method that handles this endpoint.
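The following is an added illustration, not code from xxl-job or from this advisory, of the check the page says is missing: a Spring MVC controller that accepts a glueSource parameter on a save endpoint and verifies the caller's role and ownership of the job's executor group before writing anything. The class and helper names (JobCodeController, JobStore, CurrentUser) and the role/group model are assumptions chosen for the example; the real project's structure may differ.

```java
// Added example (not xxl-job's own code): server-side authorization on a
// job-source save endpoint. All names below are hypothetical.
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/jobcode")
public class JobCodeController {

    // Hypothetical persistence abstraction for job definitions.
    private final JobStore jobStore;

    public JobCodeController(JobStore jobStore) {
        this.jobStore = jobStore;
    }

    // Hardened variant. The weakness described above is the absence of the
    // role/group checks below: without them, any caller who can reach the
    // endpoint can replace the code a job executes.
    @PostMapping("/save")
    public ResponseEntity<String> save(HttpServletRequest request,
                                       @RequestParam("id") int id,
                                       @RequestParam("glueSource") String glueSource) {
        CurrentUser user = CurrentUser.from(request);
        if (user == null) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("login required");
        }
        JobStore.Job job = jobStore.load(id);
        if (job == null) {
            return ResponseEntity.status(HttpStatus.NOT_FOUND).body("job not found");
        }
        // Editing executable job source is an administrative action: require the
        // admin role, or explicit permission on the job's executor group.
        if (!user.isAdmin() && !user.canManageGroup(job.groupId())) {
            return ResponseEntity.status(HttpStatus.FORBIDDEN).body("permission denied");
        }
        // Persist together with the editor's identity so that changes to
        // executable code leave an audit trail detection rules can watch.
        jobStore.updateGlueSource(id, glueSource, user.name());
        return ResponseEntity.ok("saved");
    }
}

// Hypothetical storage interface for job definitions.
interface JobStore {
    record Job(int id, int groupId) {}
    Job load(int id);
    void updateGlueSource(int id, String glueSource, String editor);
}

// Hypothetical session principal: name, admin flag and the executor groups
// the user is allowed to manage. Stored in the HTTP session at login.
final class CurrentUser {
    private final String name;
    private final boolean admin;
    private final Set<Integer> managedGroups;

    CurrentUser(String name, boolean admin, Set<Integer> managedGroups) {
        this.name = name;
        this.admin = admin;
        this.managedGroups = managedGroups;
    }

    // Returns the logged-in principal, or null when there is no valid session.
    static CurrentUser from(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        Object principal = session == null ? null : session.getAttribute("user");
        return principal instanceof CurrentUser ? (CurrentUser) principal : null;
    }

    String name() { return name; }
    boolean isAdmin() { return admin; }
    boolean canManageGroup(int groupId) { return managedGroups.contains(groupId); }
}
```

The important design point is that the decision is made from the server-side session principal and the job's stored group, never from anything the client sends alongside glueSource; an endpoint that writes executable code should be treated as an administrative action and logged with the editor's identity.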
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.xuxueli:xxl-job-admin | maven | <= 2.4.0 | |