Design/Logic Flaw

2021-07-2321:15:00

PRIOn knowledge base

www.prio-n.com

9.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.9%

JSON

An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.

CPENameOperatorVersion
jumpserverge2.4.0
jumpserverlt2.4.5
jumpserverge2.5.0
jumpserverlt2.5.4
jumpserverge2.6.0
jumpserverlt2.6.2

Name	Operator	Version
jumpserver	ge	2.4.0
jumpserver	lt	2.4.5
jumpserver	ge	2.5.0
jumpserver	lt	2.5.4
jumpserver	ge	2.6.0
jumpserver	lt	2.6.2

References

blog.fit2cloud.com/?p=1764

mp.weixin.qq.com/s/5tgcaIrnDnGP-LvWPw9YCg

s.tencent.com/research/bsafe/1228.html