CVE-2026-44341
MEDIUM
GoJobs: Insecure Direct Object Reference (IDOR) in Job Retrieval Endpoint
Title source: cna
Description
GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that allows unauthenticated users to access job details by directly manipulating object identifiers. The endpoint lacks proper authentication and authorization checks, resulting in unauthorized access to job data.
References (1)
Core References
x_refsource_confirm
https://github.com/karnop/gojobs/security/advisories/GHSA-x2j8-h9xc-wpgf
Scores
CVSS v3
5.3
EPSS
0.0024
EPSS Percentile
14.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-284
CWE-639
Status
published
Products (1)
karnop/gojobs
<= 2cc74a78dcf101c089ea209f2aaefef0674f6b55
Published
May 12, 2026
Tracked Since
May 13, 2026