Lucene search
PRIOn knowledge basePRION:CVE-2023-42820HistorySep 27, 2023 - 3:19 p.m.
Design/Logic Flaw
2023-09-2715:19:00
PRIOn knowledge base
www.prio-n.com
10
jumpserver
bastion host
vulnerability
random number seed
api
replay
verification codes
password resets
mfa
local authentication
upgrade
nvd
JumpServer is an open source bastion host. This vulnerability is due to exposing the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, which could lead to password resets. If MFA is enabled users are not affect. Users not using local authentication are also not affected. Users are advised to upgrade to either version 2.28.19 or to 3.6.5. There are no known workarounds or this issue.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jumpserver | ge | 3.0.0 | |
| jumpserver | lt | 3.6.5 | |
| jumpserver | ge | 2.24.0 | |
| jumpserver | lt | 2.28.19 |
Related
nvd
nvd
CVE-2023-42820
2023-09-27 15:19:33
cvelist
cvelist
CVE-2023-42820 Random seed leakage in Jumpserver
2023-09-26 20:35:22
githubexploit
githubexploit
Exploit for Vulnerability in Fit2Cloud Jumpserver
2023-09-28 17:16:02
cve
cve
CVE-2023-42820
2023-09-27 15:19:33
attackerkb
attackerkb
CVE-2023-42820
2023-09-27 00:00:00
osv
osv
CVE-2023-42820
2023-09-27 15:19:33