
5 matches found

NVD
added 2023/10/31 12:15 a.m., 14 views

CVE-2023-46138

JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...

5.3 CVSS, 4.7 AI score, 0.00041 EPSS
Exploits 0, References 2
Vulnrichment
added 2023/10/30 11:53 p.m., 12 views

CVE-2023-46138 JumpServer default admin user email leak password reset

JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...

3.7 CVSS, 7 AI score, 0.00041 EPSS
Exploits 0, References 2
CVE
added 2023/10/30 11:53 p.m., 37 views

CVE-2023-46138

CVE-2023-46138 affects JumpServer prior to version 3.8.0, where the initial admin user used the default email domain [email protected]. Password resets occur via email, so if the domain mycompany.com is registered, this could affect password reset functionality. The issue is mitigated in versio...

5.3 CVSS, 4.9 AI score, 0.00041 EPSS
Exploits 0, References 2, Affected Software 1
Cvelist
added 2023/10/30 11:53 p.m., 13 views

CVE-2023-46138 JumpServer default admin user email leak password reset

JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...

3.7 CVSS, 5.6 AI score, 0.00041 EPSS
Exploits 0, References 2
Prion
added 2023/10/25 6:17 p.m., 18 views

Design/Logic Flaw

jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability,...

5 CVSS, 5.5 AI score, 0.00596 EPSS
Exploits 1, References 2, Affected Software 1