CVE-2023-29922

MEDIUM NUCLEI

PowerJob V4.3.1 - Improper Access Control via User Creation Interface

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-29922. PoCs published by CN016. A Nuclei detection template is also available.

AI-analyzed exploit summary This script checks for the presence of CVE-2023-29922 in Powerjob by sending a POST request to the '/job/list' endpoint and verifying the response. It does not exploit the vulnerability but confirms its existence.

Description

PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.

Exploits (1)

nomisec SCANNER

by CN016 · poc

https://github.com/CN016/Powerjob-CVE-2023-29922-

View Code ZIP pw:eip

This script checks for the presence of CVE-2023-29922 in Powerjob by sending a POST request to the '/job/list' endpoint and verifying the response. It does not exploit the vulnerability but confirms its existence.

Classification

Scanner 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Powerjob (version not specified)

No auth needed

Prerequisites: Network access to the target Powerjob instance

MITRE ATT&CK

T1595 - Active Scanning

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

PowerJob V4.3.1 - Authentication Bypass

MEDIUMVERIFIEDby Co5mos

Shodan: html:"PowerJob" || http.html:"powerjob"

FOFA: app="PowerJob" || app="powerjob" || body="powerjob"

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://github.com/PowerJob/PowerJob/issues/585

Scores

CVSS v3 5.3

EPSS 0.9039

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (2)

powerjob/powerjob 4.3.1

tech.powerjob/powerjob 0Maven

Published Apr 19, 2023

Tracked Since Feb 18, 2026