CVE-2023-36106: PowerJob incorrect access control vulnerability

August 17, 2023 (updated August 18, 2023)

An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via appId parameter to /container/list.

References

gist.github.com/tztdsb/a653b6db328199ec0f55e54b4e466415
gitee.com/KFCFans/PowerJob
github.com/advisories/GHSA-443m-3fr6-w8wj
nvd.nist.gov/vuln/detail/CVE-2023-36106

Detect and mitigate CVE-2023-36106 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →