CVE-2023-29923

MEDIUM NUCLEI

PowerJob V4.3.1 - Insecure Permissions via List Job Interface

Title source: llm

Exploitation Summary

EIP tracks 5 public exploits for CVE-2023-29923. PoCs published by 1820112015, P4x1s, Le1a. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository contains a Python script that scans for CVE-2023-29923, an unauthorized access vulnerability. It checks for the presence of the vulnerability by sending a POST request to a specific endpoint and analyzing the response.

Description

PowerJob V4.3.1 is vulnerable to Insecure Permissions via the list job interface.

Exploits (5)

nomisec SCANNER 15 stars
by 1820112015 · poc
https://github.com/1820112015/CVE-2023-29923

This repository contains a Python script that scans for CVE-2023-29923, an unauthorized access vulnerability. It checks for the presence of the vulnerability by sending a POST request to a specific endpoint and analyzing the response.

Classification: Scanner 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Unknown (likely a web application with a job listing endpoint)
No auth needed
Prerequisites: A list of target URLs in a text file
devstral-2 · analyzed Feb 16, 2026

nomisec SCANNER 3 stars
by P4x1s · poc
https://github.com/P4x1s/CVE-2023-29923-Scan

This repository contains a scanner for detecting CVE-2023-29923, an unauthorized access vulnerability in PowerJob versions <=4.3.2. The README indicates it is a detection tool rather than an exploit.

Classification: Scanner 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: PowerJob <=4.3.2
No auth needed
Prerequisites: Network access to the target PowerJob instance
devstral-2 · analyzed Feb 16, 2026

nomisec SCANNER 2 stars
by Le1a · poc
https://github.com/Le1a/CVE-2023-29923

This repository contains a Python script that checks for the presence of CVE-2023-29923, an unauthorized access vulnerability in PowerJob V4.3.1. The script sends a POST request to the '/job/list' endpoint and checks if the response contains 'success' to determine vulnerability.

Classification: Scanner 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: PowerJob V4.3.1
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026

inthewild SCANNER
poc
https://github.com/ckevens/cve-2023-29923-scan

This repository contains a detection tool for CVE-2023-29923, an unauthorized access vulnerability in PowerJob versions <=4.3.2. The README indicates it is a scanning tool rather than an exploit.

Classification: Scanner 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: PowerJob <=4.3.2
No auth needed
Prerequisites: network access to target
devstral-2 · analyzed Feb 23, 2026

inthewild SCANNER
poc
https://github.com/3yujw7njai/cve-2023-29923-scan

This repository contains a detection tool for CVE-2023-29923, an unauthorized access vulnerability in PowerJob versions <=4.3.2. The README indicates it is a scanning tool rather than an exploit.

Classification: Scanner 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: PowerJob <=4.3.2
No auth needed
Prerequisites: network access to target
devstral-2 · analyzed Feb 23, 2026

Nuclei Templates (1)

PowerJob <=4.3.2 - Unauthenticated Access
MEDIUM · VERIFIED · by For3stCo1d
Shodan: http.html:"powerjob"
FOFA: app="PowerJob" || app="powerjob" || body="powerjob"

Scores

CVSS v3: 5.3
EPSS: 0.8544
EPSS Percentile: 99.4%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-276
Status: published
Products (2)
powerjob/powerjob 4.3.1
tech.powerjob/powerjob 0 · Maven
Published: Apr 19, 2023
Tracked Since: Feb 18, 2026