PowerJob Unauthorized Access Vulnerability in User List Endpoint

Vulnerability

A vulnerability exists in PowerJob versions through 5.1.2: the '/user/list' endpoint can be reached by unauthenticated users because it performs no authorization check. This flaw enables the retrieval of user information, a vertical authorization (broken access control) issue. The vulnerability can be exploited remotely, and a public proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability leads to unauthorized access to user information, bypassing normal authorization controls.

Reproduction

To reproduce this vulnerability, send a GET request to the '/user/list' endpoint without any authentication. The response will include the user list, demonstrating the lack of authorization checks.

Remediation

It is recommended to add proper authorization controls to the '/user/list' endpoint by guarding its handler with the '@ApiPermission' annotation.
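As an added illustration (not code from PowerJob or from this advisory), the shape of the fix: a Spring handler for '/user/list' with no authorization metadata beside the same handler guarded by the '@ApiPermission' annotation. The controller class, the service type, the response type and the annotation attributes (name, roleScope, requiredPermission) together with the RoleScope and Permission enums are assumptions about the project's API, not taken from this page; the two handlers are shown side by side for comparison and would not coexist under one mapping in a real controller.

```java
package example.powerjob.illustration; // hypothetical package, illustration only

import java.util.List;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import tech.powerjob.server.auth.Permission;               // assumed enum
import tech.powerjob.server.auth.RoleScope;                // assumed enum
import tech.powerjob.server.auth.interceptor.ApiPermission; // annotation named in the advisory

@RestController
@RequestMapping("/user")
public class UserInfoController { // hypothetical controller

    private final UserInfoService userInfoService; // hypothetical service

    public UserInfoController(UserInfoService userInfoService) {
        this.userInfoService = userInfoService;
    }

    // BEFORE (vulnerable, as the advisory describes): the handler carries no
    // authorization metadata, so the server-side permission interceptor has
    // nothing to enforce and any unauthenticated caller receives the user list.
    @GetMapping("/list")
    public List<UserInfoVO> listUnguarded() {
        return userInfoService.listAll();
    }

    // AFTER (remediated): the annotation declares the role scope and the
    // permission a caller must hold. Assuming the server's permission
    // interceptor is active, requests without a valid, sufficiently
    // privileged identity are rejected before this method runs.
    @ApiPermission(name = "User-List",
                   roleScope = RoleScope.GLOBAL,          // assumed value
                   requiredPermission = Permission.READ)  // assumed value
    @GetMapping("/list")
    public List<UserInfoVO> listGuarded() {
        return userInfoService.listAll();
    }
}
```

After deploying the annotated handler, verify the fix the same way the advisory reproduces the issue: an unauthenticated GET to '/user/list' should now be rejected instead of returning the user list.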

Added: Oct 10, 2025, 6:25 PM
Updated: Oct 10, 2025, 9:23 PM

Vulnerability Rating (Custom Algorithm)

spread: 0.3
impact: 0.6
exploitability: 9.1
remediation: 0.0
relevance: 0.7
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.