PowerJob
cpe:2.3:a:powerjob:powerjob:*:*:*:*:*:*:*
- <= 5.1.2
A vulnerability allowing unauthorized access has been identified in PowerJob versions through 5.1.2. It arises because several endpoints in the OpenAPIController, notably /openApi/runJob, are exposed without authorization checks. As a result, a remote attacker can reach these endpoints and access or manipulate resources without authenticating.
Exploitation could lead to unauthorized actions being performed on behalf of a user, potentially exposing sensitive data or allowing tasks to be executed without proper authorization.
The vulnerability can be reproduced by sending a POST request to the /openApi/runJob endpoint with jobId and appId parameters. The request succeeds without any authentication, demonstrating the missing authorization check on this endpoint.
The recommended fix is to enforce authorization on the affected endpoints by annotating them with @ApiPermission.
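As an added illustration, not PowerJob's own source (only the OpenAPIController and @ApiPermission names come from the advisory), this Spring MVC sketch shows the pattern the recommended fix relies on: an annotation marks a handler, and an interceptor registered for /openApi/** rejects callers that present no valid app credential before the handler runs. The AppCredentialService, the X-App-Secret header, the attribute-less marker annotation and the javax.servlet imports are assumptions.

```java
import java.lang.annotation.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.*;

// Marker standing in for PowerJob's @ApiPermission; the real annotation's attributes are omitted here.
@Target(ElementType.METHOD) @Retention(RetentionPolicy.RUNTIME)
@interface ApiPermission {}
// Hypothetical credential store: validates the secret presented for a given appId.
interface AppCredentialService { boolean verify(String appId, String secret); }
@RestController
@RequestMapping("/openApi")
class OpenApiController {
    // Before the fix this handler carried no annotation, so anyone knowing an appId and jobId could trigger a job.
    @ApiPermission
    @PostMapping("/runJob")
    public String runJob(@RequestParam long appId, @RequestParam long jobId) {
        return "job " + jobId + " triggered for app " + appId;
    }
}

class ApiPermissionInterceptor implements HandlerInterceptor {
    private final AppCredentialService creds;
    ApiPermissionInterceptor(AppCredentialService creds) { this.creds = creds; }
    @Override public boolean preHandle(HttpServletRequest req, HttpServletResponse resp, Object h) throws Exception {
        if (!(h instanceof HandlerMethod)) return true;
        // Unannotated handlers pass straight through: annotation coverage is the whole control, so every affected endpoint must carry it.
        if (((HandlerMethod) h).getMethodAnnotation(ApiPermission.class) == null) return true;
        String appId = req.getParameter("appId");
        String secret = req.getHeader("X-App-Secret"); // hypothetical header name
        if (appId == null || secret == null || !creds.verify(appId, secret)) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return false; // the handler never runs
        }
        return true;
    }
}

@Configuration
class OpenApiWebConfig implements WebMvcConfigurer {
    private final AppCredentialService creds;
    OpenApiWebConfig(AppCredentialService creds) { this.creds = creds; }
    @Override public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new ApiPermissionInterceptor(creds)).addPathPatterns("/openApi/**");
    }
}
```

Without the registration in OpenApiWebConfig the annotation is inert, and without the annotation on each endpoint the interceptor lets the request through; both halves must be present for every endpoint the advisory names.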