MEDIUM SeverityCVSS 3.15.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE-2026-44341

Last updated May 12, 2026 · Published May 12, 2026

Description

GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that allows unauthenticated users to access job details by directly manipulating object identifiers. The endpoint lacks proper authentication and authorization checks, resulting in unauthorized access to job data.

Affected products

1 listed

karnop:gojobs

Mappings

CWE

CWE-284CWE-639

CAPEC

None listed.

Research

Insecure direct object references (IDOR): detection and preventionInsecure direct object references let users access other users' data by changing an ID. Enforce object-level…

Training

Authorisation and Access ControlRBAC, ABAC, and privilege escalation patterns in real applications.

CVE-2026-44341

Description

Affected products

Mappings

Related