247 matches found
JumpServer Security Vulnerability
JumpServer is an open source bastion machine from China's Hangzhou Feizhiyun Information Technology Co. A security vulnerability exists in JumpServer GPLv3 v.3.8.0, which stems from improper privilege management. An attacker can execute arbitrary code by exploiting the vulnerability...
PT-2023-30721 · Unknown · Jumpserver
Name of the Vulnerable Software and Affected Versions: JumpServer GPLv3 version 3.8.0 Description: The issue allows a remote attacker to execute arbitrary code by bypassing the command filtering function. It is noted that command filtering is not intended to restrict what code can be run by...
CVE-2023-48193
Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. NOTE: this is disputed because command filtering is not intended to restrict what code can be run by authorized users who are allowed to...
CVE-2023-48193
The CVE-2023-48193 entry concerns JumpServer GPLv3, version 3.8.0, with an Insecure Permissions vulnerability that allows a remote attacker to execute arbitrary code by bypassing the command filtering function. This is described across multiple sources (NVD/OSV) as a high-severity issue (CVSS 9.8...
The vulnerability of the JumpServer security audit system arises from incorrect restrictions on the path to the restricted access catalog. This allows attackers to gain unauthorized access to protected information and modify the contents of arbitrary files within the system.
The vulnerability of the JumpServer security audit system relates to incorrect restrictions on the path to the restricted catalog. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information and modify the contents of arbitrary...
The vulnerability of the application software interface of the JumpServer security audit system allows a perpetrator to bypass the authentication process.
The vulnerability of the application software interface of the JumpServer security audit system for operation and maintenance is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to bypass the authentication process...
CVE-2023-46138
JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...
Design/Logic Flaw
JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...
CVE-2023-46138 JumpServer default admin user email leak password reset
JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...
CVE-2023-46138
CVE-2023-46138 affects JumpServer prior to version 3.8.0, where the initial admin user used the default email domain [email protected]. Password resets occur via email, so if the domain mycompany.com is registered, this could affect password reset functionality. The issue is mitigated in versio...
CVE-2023-46138 JumpServer default admin user email leak password reset
JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...
CVE-2023-46138 JumpServer default admin user email leak password reset
JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...
Jumpserver Authorization Issues Vulnerability
Jumpserver is an open source bastion machine from Hangzhou Feizhiyun Information Technology Co. in China. JumpServer versions prior to 3.8.0 suffer from an authorization issue vulnerability that stems from an attacker being able to reset a password by sending an email...
PT-2023-29870 · Unknown · Jumpserver
Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 3.8.0 Description: The issue concerns the default email address for the initial admin user, which is set to [email protected]. This could potentially affect password reset functionality if the domain mycompany.c...
CVE-2023-46123
jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability,...
Design/Logic Flaw
jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability,...
CVE-2023-46123 jumpserver is vulnerable to password brute-force protection bypass via arbitrary IP values
jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability,...
CVE-2023-46123 jumpserver is vulnerable to password brute-force protection bypass via arbitrary IP values
jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability,...
CVE-2023-46123
CVE-2023-46123 describes a bypass of password brute-force protections in JumpServer’s Core API by spoofing arbitrary IP addresses, enabling attackers to perform unlimited password attempts. Affected: JumpServer (open source bastion/O&M system) prior to version 3.8.0. Mitigation: patch applied in ...
CVE-2023-46123 jumpserver is vulnerable to password brute-force protection bypass via arbitrary IP values
jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability,...