{"id":"GHSA-7qq9-9g2w-56f9","summary":"Improper Privilege Management in com.xuxueli:xxl-job","details":"All versions of XXL-JOB as of 11 July 2022 are vulnerable to insecure permissions: a low-privilege account can execute admin functions. The affected range in this record lists 2.4.0 as the first fixed version.","aliases":["CVE-2022-36157"],"modified":"2024-02-17T05:36:58.372049Z","published":"2022-08-20T00:00:30Z","database_specific":{"github_reviewed_at":"2022-08-30T20:42:16Z","cwe_ids":["CWE-269"],"severity":"HIGH","github_reviewed":true,"nvd_published_at":"2022-08-19T22:15:00Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36157"},{"type":"WEB","url":"https://github.com/Richard-Muzi/vulnerability/issues/1"},{"type":"WEB","url":"https://github.com/xuxueli/xxl-job/commit/730c1066b80e8ab44503ed34ced19ef8e0471fec"},{"type":"WEB","url":"https://github.com/xuxueli/xxl-job"}],"affected":[{"package":{"name":"com.xuxueli:xxl-job","ecosystem":"Maven","purl":"pkg:maven/com.xuxueli/xxl-job"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.0"}]}],"versions":["1.4.1","1.4.2","1.5.0","1.5.1","1.5.2","1.6.0","1.6.1","1.6.2","1.7.0","1.7.1","1.7.2","1.8.0","1.8.1","1.8.2","1.9.0","1.9.1","1.9.2","2.0.0","2.0.1","2.0.2","2.1.0","2.1.1","2.1.2","2.2.0","2.3.0","2.3.1"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-7qq9-9g2w-56f9/GHSA-7qq9-9g2w-56f9.json","last_known_affected_version_range":"\u003c= 2.3.1"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}