JumpServer Security Vulnerability
JumpServer is an open source bastion host from Hangzhou Feizhiyun Information Technology Co. in China. A security vulnerability exists in JumpServer versions prior to 3.8.0 that stems from allowing an attacker to bypass password brute-force protection by spoofing arbitrary IP addresses...
GHSA-4R5X-X283-WM96 Jumpserver Koko vulnerable to remote code execution on the host system via MongoDB shell
Impact An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the host system. Details Through the WEB CLI interface provided by koko, a user logs...
Exploit for Improper Authentication in Fit2Cloud Jumpserver
CVE-2023-42442 CVE-2023-42442 – JumpServer Session recording...
Exploit for Improper Authentication in Fit2Cloud Jumpserver
BlackJump Chinese |...
Exploit for Path Traversal in Fit2Cloud Jumpserver
CVE-2023-42819 CVE-2023-42819 Description of the Vulne...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Fit2Cloud Jumpserver
CVE-2023-42820 CVE-2023-42820 Vulnerability Description...
A vulnerability in the application programming interface of the JumpServer security audit system for operations and maintenance allows an attacker to bypass password protection.
A vulnerability in the application programming interface of the JumpServer security audit system for operations and maintenance stems from insufficient protection of operational data while loading external libraries. Exploiting this vulnerability allows a malicious actor to remotely reset...
A vulnerability in the application programming interface of the JumpServer security audit system allows an attacker to trigger a service failure.
A vulnerability in the application programming interface of the JumpServer security audit system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to cause service failures...
CVE-2023-43651
JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the system. Through the WEB CLI interface provid...
CVE-2023-42818
JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication...
CVE-2023-42818
JumpServer (Koko SSH server) is affected: when MFA is enabled and a public key is used, the SSH private key is not verified, enabling brute-force attempts with a disclosed key. Patched in JumpServer versions 3.6.5 and 3.5.6; upgrade is advised. Multiple connected sources corroborate the issue and...
CVE-2023-42818 SSH public key login without private key challenge if mfa is enabled in jumpserver
JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication...
CVE-2023-43651 Remote code execution on the host system via MongoDB shell in jumpserver
JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the system. Through the WEB CLI interface provid...