CVE-2020-23811: xxl-job sensitive data exposure

May 24, 2022 (updated July 18, 2023)

xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java.

References

github.com/advisories/GHSA-m5q9-488r-4rmp
nvd.nist.gov/vuln/detail/CVE-2020-23811

Detect and mitigate CVE-2020-23811 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →