[com.xuxueli:xxl-job] Cross-Site Request Forgery in XXL-Job

A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-29002
• https://github.com/xuxueli/xxl-job/issues/2821
• https://github.com/advisories/GHSA-v3c9-w6g2-hjg3