What the vulnerability does
01Description
Missing Authorization vulnerability in JoomSky JS Job Manager js-jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through <= 2.0.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
What the vulnerability does
Missing Authorization vulnerability in JoomSky JS Job Manager js-jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through <= 2.0.2.
Explanation of Vulnerability in Simple Terms
JS Job Manager through version 2.0.2 lacks proper authorization checks, allowing unauthenticated attackers to modify job postings or related data via direct requests. No authentication is required to exploit this vulnerability. Site administrators should update to a version newer than 2.0.2 immediately.
What an attacker can do
Modify job postings and related data without logging in.
Potential impact on your site
Job listings can be altered or deleted by anyone, potentially disrupting recruitment and damaging site credibility.
Conditions required to exploit
Network access to the site; no authentication or user interaction required.
Key dates
External resources