← Back
2026-05-12 22:39CVE-2026-44341GitHub_M
PUBLISHED5.2CWE-284CWE-639

GoJobs: Insecure Direct Object Reference (IDOR) in Job Retrieval Endpoint

GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that allows unauthenticated users to access job details by directly manipulating object identifiers. The endpoint lacks proper authentication and authorization checks, resulting in unauthorized access to job data.

Problem type

Affected products

karnop

gojobs

<= 2cc74a78dcf101c089ea209f2aaefef0674f6b55 - AFFECTED

References

https://github.com/karnop/gojobs/security/advisories/GHSA-x2j8-h9xc-wpgf

https://github.com/karnop/gojobs/security/advisories/GHSA-x2j8-h9xc-wpgf

x_refsource_CONFIRM

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-44341
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-44341",
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "dateUpdated": "2026-05-12T22:39:08.112Z",
    "dateReserved": "2026-05-05T19:52:59.147Z",
    "datePublished": "2026-05-12T22:39:08.112Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M",
        "dateUpdated": "2026-05-12T22:39:08.112Z"
      },
      "title": "GoJobs: Insecure Direct Object Reference (IDOR) in Job Retrieval Endpoint",
      "descriptions": [
        {
          "lang": "en",
          "value": "GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that allows unauthenticated users to access job details by directly manipulating object identifiers. The endpoint lacks proper authentication and authorization checks, resulting in unauthorized access to job data."
        }
      ],
      "affected": [
        {
          "vendor": "karnop",
          "product": "gojobs",
          "versions": [
            {
              "version": "<= 2cc74a78dcf101c089ea209f2aaefef0674f6b55",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-284: Improper Access Control",
              "cweId": "CWE-284",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
              "cweId": "CWE-639",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://github.com/karnop/gojobs/security/advisories/GHSA-x2j8-h9xc-wpgf",
          "name": "https://github.com/karnop/gojobs/security/advisories/GHSA-x2j8-h9xc-wpgf",
          "tags": [
            "x_refsource_CONFIRM"
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM"
          }
        }
      ]
    }
  }
}