CVE-2023-29926

9.8 CRITICAL

📋 TL;DR

PowerJob V4.3.2 contains an unauthorized interface that allows attackers to execute arbitrary code remotely without authentication. This affects all systems running the vulnerable version of PowerJob, a distributed task scheduling framework commonly used in enterprise environments.

💻 Affected Systems

Products:
  • PowerJob
Versions: V4.3.2
Operating Systems: All platforms running PowerJob
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of PowerJob V4.3.2 are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, install malware, exfiltrate data, or pivot to other systems in the network.

🟠 Likely Case

Remote code execution leading to data theft, service disruption, or deployment of ransomware/cryptominers.

🟢 If Mitigated

Limited impact if network segmentation and strict access controls prevent external access to PowerJob instances.

🌐 Internet-Facing: HIGH - Directly exploitable without authentication from the internet.
🏢 Internal Only: HIGH - Even internally accessible instances can be exploited by attackers who gain internal network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerable interface does not require authentication, making exploitation straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V4.3.3 or later

Vendor Advisory: https://github.com/PowerJob/PowerJob

Restart Required: Yes

Instructions:

1. Back up the current configuration and data.
2. Download PowerJob V4.3.3 or later from the official repository.
3. Stop the PowerJob service.
4. Replace the application files with the patched version.
5. Restart the PowerJob service.
6. Verify the service is running correctly.

🔧 Temporary Workarounds

Network Access Restriction

Platform: Linux

Restrict network access to PowerJob instances using firewall rules

iptables -A INPUT -p tcp --dport [PowerJob_port] -s [trusted_networks] -j ACCEPT
iptables -A INPUT -p tcp --dport [PowerJob_port] -j DROP
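
Because `-A` appends to the chain, an unrestricted ACCEPT for the same port that already sits earlier in INPUT makes the DROP rule unreachable. The script below is an added example (not part of the original advisory or of PowerJob) that audits `iptables -S INPUT` output for that ordering problem; port 7700 and 10.0.0.0/8 are constructed sample values.

```shell
#!/bin/sh
# Added example: reads `iptables -S INPUT` output on stdin and reports whether
# the allow-then-drop pair for PORT is effective. Only rules that name the port
# with --dport (plus the chain policy) are evaluated; broader rules are ignored.
check_powerjob_rules() {
    awk -v port="$1" '
        $1 == "-P" && $2 == "INPUT" { policy = $3; next }
        $1 != "-A" || $2 != "INPUT" { next }
        {
            dport = ""; src = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-s")      src    = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (dport != port) next
            # First matching rule wins: an ACCEPT with no source restriction
            # ahead of the DROP leaves the port open to everyone.
            if (target == "ACCEPT" && (src == "" || src == "0.0.0.0/0")) {
                print "exposed: unrestricted ACCEPT before DROP"; decided = 1; exit
            }
            if ((target == "DROP" || target == "REJECT") && src == "") {
                print "restricted"; decided = 1; exit
            }
        }
        END {
            if (decided) exit
            if (policy == "DROP") print "restricted"
            else print "exposed: no DROP rule for port " port
        }
    '
}

# Constructed sample rule sets (port and network are illustrative).
GOOD_RULES='-P INPUT ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 7700 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7700 -j DROP'

BAD_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 7700 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 7700 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7700 -j DROP'

printf '%s\n' "$GOOD_RULES" | check_powerjob_rules 7700
printf '%s\n' "$BAD_RULES"  | check_powerjob_rules 7700
```

On a live host, pipe the real chain into the function: `iptables -S INPUT | check_powerjob_rules <port>`.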

Reverse Proxy with Authentication

Platform: All

Place PowerJob behind a reverse proxy with authentication requirements

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate PowerJob instances from untrusted networks
  • Deploy web application firewall (WAF) rules to block exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check PowerJob version in application logs or configuration files. If version is exactly 4.3.2, the system is vulnerable.

Check Version:

Check application startup logs or configuration files for version information

Verify Fix Applied:

Verify the version has been updated to 4.3.3 or later and test that unauthorized access attempts are properly rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to PowerJob interfaces
  • Unusual command execution patterns in system logs
  • Failed authentication attempts followed by successful operations

Network Indicators:

  • Unusual outbound connections from PowerJob servers
  • Traffic to PowerJob ports from unexpected sources
  • Exploit pattern detection in network traffic

SIEM Query:

source="powerjob.log" AND ("unauthorized" OR "access denied") AND status=200
