CVE-2023-48087: 
Java vulnerability analysis and mitigation

xxl-job-admin 2.4.0 contains an Insecure Permissions vulnerability that allows unauthorized access to log management functionality. The vulnerability affects two specific endpoints: /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat, which fail to properly validate user privileges (GitHub Issue, NVD).

The vulnerability exists due to missing permission validation on the log management endpoints. When accessing /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat, the application does not properly verify user privileges. The CVSS v3.1 base score is 5.4 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N, indicating network accessibility, low attack complexity, and requiring low privileges (NVD).

This vulnerability allows unauthorized users to query and clear job logs without proper permissions. An attacker with basic user access can view sensitive log information and delete log records, potentially impacting system auditing and monitoring capabilities (GitHub Issue).

Users should upgrade to a version newer than 2.4.0 when available. In the meantime, it is recommended to implement additional access controls at the network or application layer to restrict access to these endpoints (NVD).