PowerJob Server-Side Request Forgery Vulnerability in Network Request Handler

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in PowerJob versions through 5.1.2. The issue arises in the 'checkConnectivity' function within 'PingPongUtils.java', part of the Network Request Handler component. Because the function accepts the 'targetIp' and 'targetPort' parameters without adequate validation, a remote attacker can make the server open a connection to a host and port of their choosing, enabling them to probe and potentially exploit internal services that are reachable from the server.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where an attacker can manipulate requests to internal services, potentially leading to unauthorized access or information disclosure.

Reproduction

To reproduce this vulnerability, send a GET request to the '/server/checkConnectivity' endpoint with crafted 'targetIp' and 'targetPort' parameters. The request will be processed by the 'checkConnectivity' function, which does not properly validate the input, allowing for internal service probing.
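The following Java guard illustrates the input validation the advisory says is missing: it resolves the requested target once and refuses to probe loopback, link-local, private and other non-public address ranges before any socket is opened. This is an added example, not PowerJob's code; the class and method names are hypothetical.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;

/** Hypothetical guard for the 'targetIp'/'targetPort' parameters; illustrative, not PowerJob's code. */
public final class ConnectivityTargetGuard {

    private ConnectivityTargetGuard() {}

    /**
     * Resolves targetIp and returns the address the server may connect to,
     * or throws if the request would reach a non-public network.
     */
    public static InetAddress resolveAllowedTarget(String targetIp, int targetPort)
            throws UnknownHostException {
        if (targetPort < 1 || targetPort > 65535) {
            throw new IllegalArgumentException("targetPort out of range: " + targetPort);
        }
        // Resolve exactly once and hand this address to the socket code; re-resolving
        // the hostname at connect time would let a rebinding DNS record bypass the check.
        InetAddress addr = InetAddress.getByName(targetIp);
        if (addr.isLoopbackAddress()          // 127.0.0.0/8, ::1
                || addr.isAnyLocalAddress()   // 0.0.0.0, ::
                || addr.isLinkLocalAddress()  // 169.254.0.0/16, fe80::/10 (where cloud metadata endpoints live)
                || addr.isSiteLocalAddress()  // 10/8, 172.16/12, 192.168/16, fec0::/10
                || addr.isMulticastAddress()
                || isSharedAddressSpace(addr)
                || isIpv6UniqueLocal(addr)) {
            throw new IllegalArgumentException(
                    "target is not externally routable: " + addr.getHostAddress());
        }
        return addr;
    }

    /** 100.64.0.0/10 (RFC 6598), which Java's built-in predicates do not flag. */
    private static boolean isSharedAddressSpace(InetAddress addr) {
        byte[] b = addr.getAddress();
        return b.length == 4 && (b[0] & 0xFF) == 100 && (b[1] & 0xC0) == 0x40;
    }

    /** fc00::/7 (RFC 4193); isSiteLocalAddress() only covers the deprecated fec0::/10. */
    private static boolean isIpv6UniqueLocal(InetAddress addr) {
        byte[] b = addr.getAddress();
        return b.length == 16 && (b[0] & 0xFE) == 0xFC;
    }
}
```

Where the set of legitimate worker hosts is known in advance, an explicit allow-list of addresses is a stronger control than this deny-list of ranges.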

Added: Dec 11, 2025, 3:18 PM
Updated: Dec 11, 2025, 4:33 PM

Vulnerability Rating

Custom Algorithm

Metric          Score
spread          0.3
impact          2.5
exploitability  6.2
remediation     0.0
relevance       1.5
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.