CVE-2021-3169

2021-07-2300:00:00

mitre

www.cve.org

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.9%

JSON

An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.

References

blog.fit2cloud.com/?p=1764

mp.weixin.qq.com/s/5tgcaIrnDnGP-LvWPw9YCg

s.tencent.com/research/bsafe/1228.html