RULE(RULE ID:338130)

Rule General Information
Release Date: 2024-06-18
Rule Name: XXL-JOB 2.4.0 Default accessToken Identity Bypass Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: XXL-JOB is an open-source distributed task scheduling platform for large-scale task scheduling and execution. In the default configuration of XXL-JOB, the accessToken used for scheduling communications is not randomly generated but takes the default value from the application.properties configuration file. If that default value is left unchanged in a deployment, an attacker can use it to bypass authentication, call an executor, execute arbitrary code, and thereby gain server permissions. The vulnerability affects XXL-JOB versions <= 2.4.0.
Impact: An attacker could exploit this vulnerability to unspecified effect.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor for a software update or patch.
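
A configuration check for the condition in the Description above, added here as an example and not part of the original rule entry or of the XXL-JOB project: it reads the text of an application.properties file and reports whether the accessToken is empty or still at the shipped default. The property key `xxl.job.accessToken` and the default value `default_token` are taken from upstream XXL-JOB's shipped configuration rather than from this page, and the sample file contents are constructed.

```python
import re

# Assumptions (not stated on this page): the property key and the shipped
# default value are taken from upstream XXL-JOB's application.properties.
TOKEN_KEY = "xxl.job.accessToken"
KNOWN_DEFAULTS = {"default_token"}

# Java .properties syntax: key, then '=', ':' or whitespace, then the value.
LINE_RE = re.compile(r"^([^\s=:]+)\s*[=:]?\s*(.*)$")


def audit_access_token(properties_text):
    """Return (status, value); status is missing, empty, default or custom."""
    value = None
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or comment
            continue
        match = LINE_RE.match(line)
        if match and match.group(1) == TOKEN_KEY:
            value = match.group(2)  # a later definition overrides an earlier one
    if value is None:
        return ("missing", None)  # may be supplied elsewhere (env, other file)
    if value == "":
        return ("empty", value)  # no token configured at all
    if value in KNOWN_DEFAULTS:
        return ("default", value)  # the publicly known value from the description
    return ("custom", value)


def needs_rotation(properties_text):
    """True when the file leaves the token empty or at a known default."""
    return audit_access_token(properties_text)[0] in ("empty", "default")


# Constructed sample inputs, not taken from any real deployment.
SAMPLE_SHIPPED = "server.port=8080\nxxl.job.accessToken=default_token\n"
SAMPLE_ROTATED = (
    "# xxl.job.accessToken=default_token\n"
    "xxl.job.accessToken = 7fK2pQ9vXw4LmZr8TnB6cYhD\n"
)

if __name__ == "__main__":
    for name, text in (("shipped", SAMPLE_SHIPPED), ("rotated", SAMPLE_ROTATED)):
        status, _ = audit_access_token(text)
        print(f"{name}: {status}, needs rotation: {needs_rotation(text)}")
```

The admin and every executor must carry the same token, so run the check against each component's configuration and rotate them together.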