GoJobs: Insecure Direct Object Reference (IDOR) in Job Retrieval Endpoint

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that allows unauthenticated users to access job details by directly manipulating object identifiers. The endpoint lacks proper authentication and authorization checks, resulting in unauthorized access to job data.

Basic Information

ID CVE-2026-44341

Source GitHub_M

Published May 12, 2026 at 22:39

Affected Product

Vendor karnop

Product gojobs

Version <= 2cc74a78dcf101c089ea209f2aaefef0674f6b55

Affected Versions karnop gojobs <= 2cc74a78dcf101c089ea209f2aaefef0674f6b55

CWE Classification

CWE-284 CWE-639

References

github.com /karnop/gojobs/security/advisories/GHSA-x2j8-h9xc-wpgf

{
    "lastseen": "",
    "description": "GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that allows unauthenticated users to access job details by directly manipulating object identifiers. The endpoint lacks proper authentication and authorization checks, resulting in unauthorized access to job data.",
    "published": "2026-05-12T22:39:08.112Z",
    "modified": "2026-05-12T22:39:08.112Z",
    "type": "cve",
    "title": "GoJobs: Insecure Direct Object Reference (IDOR) in Job Retrieval Endpoint",
    "source": "GitHub_M",
    "references": "https://github.com/karnop/gojobs/security/advisories/GHSA-x2j8-h9xc-wpgf",
    "id": "CVE-2026-44341",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284",
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "karnop gojobs <= 2cc74a78dcf101c089ea209f2aaefef0674f6b55",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "gojobs",
    "version": "<= 2cc74a78dcf101c089ea209f2aaefef0674f6b55",
    "vendor": "karnop",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

GoJobs: Insecure Direct Object Reference (IDOR) in Job Retrieval Endpoint_CVE-2026-44341