An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.
CPE | Name | Operator | Version |
---|---|---|---|
jumpserver | ge | 2.4.0 | |
jumpserver | lt | 2.4.5 | |
jumpserver | ge | 2.5.0 | |
jumpserver | lt | 2.5.4 | |
jumpserver | ge | 2.6.0 | |
jumpserver | lt | 2.6.2 |