18 matches found
CVE-2024-29202
JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and...
CVE-2024-29201
JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input validation mechanism in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has databas...
CVE-2024-40629
JumpServer is an open-source Privileged Access Management PAM tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the Ansible playbook to write arbitrary files, leading to...
CVE-2024-40628
JumpServer is an open-source Privileged Access Management PAM tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the ansible playbook to read arbitrary files in the celery...
The vulnerability of the PAM system for JumpServer is related to incorrect restrictions on the path name to the restricted directory. This allows a intruder to gain unauthorized access to read any files in the Celery container.
The vulnerability of the PAM system for privileged access control in JumpServer is related to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized read access to arbitrary files i...
The vulnerability of the JumpServer PAM system is related to incorrect restrictions on the path name to the restricted directory. This allows a violator to execute arbitrary code in the Celery container.
The vulnerability of the PAM system for privileged access control in JumpServer is related to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the Celery container by executing a specially...
CVE-2024-40629
JumpServer is an open-source Privileged Access Management PAM tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the Ansible playbook to write arbitrary files, leading to...
CVE-2024-40628 Arbitrary File Read in Ansible Playbooks in Jumpserver
JumpServer is an open-source Privileged Access Management PAM tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the ansible playbook to read arbitrary files in the celery...
CVE-2024-40628 Arbitrary File Read in Ansible Playbooks in Jumpserver
JumpServer is an open-source Privileged Access Management PAM tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the ansible playbook to read arbitrary files in the celery...
PT-2024-5027 · Unknown · Jumpserver
Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 3.10.12 JumpServer versions prior to 4.0.0 Description: JumpServer is an open-source Privileged Access Management PAM tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes...
PT-2024-5028 · Unknown +2 · Jumpserver +2
Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 3.10.12 JumpServer versions prior to 4.0.0 Description: The issue is related to the JumpServer Privileged Access Management PAM tool, which provides secure access to various endpoints through a web browser. An...
The vulnerability of the JumpServer security audit system for operation and maintenance, related to insufficient validation of input data, allows attackers to execute arbitrary code.
The vulnerability of the JumpServer security audit system for operation and maintenance is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code in the Celery container...
CVE-2024-29201
JumpServer (open source bastion host) has a vulnerability in its Ansible workflow that allows bypassing input validation to execute arbitrary code inside the Celery container, which runs with root privileges and has database access. Exploitation could lead to unauthorized data access or manipulat...
CVE-2024-29201 JumpServer's insecure Ansible playbook validation leads to RCE in Celery
JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input validation mechanism in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has databas...
JumpServer 安全漏洞
JumpServer is an open source bastion machine from China's Hangzhou Feizhiyun Information Technology Co. A security vulnerability exists in JumpServer versions prior to v3.10.7, which stems from a vulnerability that allows an attacker to bypass the input validation mechanism in JumpServer's Ansibl...
JumpServer 代码注入漏洞
JumpServer is an open source bastion machine from China's Hangzhou Feizhiyun Information Technology Co. A security vulnerability exists in JumpServer versions prior to v3.10.7, which stems from a vulnerability that allows an attacker to exploit a Jinja2 template injection vulnerability in...
PT-2024-22804
Name of the Vulnerable Software and Affected Versions JumpServer versions prior to 3.10.7 Description JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execut...
PT-2024-4192 · Unknown · Jumpserver
Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 3.10.7 Description: The issue is related to insufficient input validation in JumpServer's Ansible, allowing remote attackers to bypass the input validation mechanism and execute arbitrary code within the Celery...