247 matches found
CVE-2023-42442 JumpServer session replays download without authentication
JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not...
CVE-2023-42442 JumpServer session replays download without authentication
JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not...
Jumpserver Authorization Issues Vulnerability
Jumpserver is an open source bastion machine from Hangzhou Feizhiyun Information Technology Co. in China. JumpServer suffers from an authorization issue vulnerability that stems from downloading session replays without authentication...
PT-2023-5833 · Unknown · Jumpserver
Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 2.28.19 JumpServer versions prior to 3.6.5 Description: The issue is related to the exposure of the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, whi...
CVE-2022-42225
Jumpserver 2.10.0 = version = 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any javascript under admin's permission...
CVE-2022-42225
Jumpserver 2.10.0 = version = 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any javascript under admin's permission...
CVE-2022-42225
Jumpserver 2.10.0 = version = 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any javascript under admin's permission...
Cross site scripting
Jumpserver 2.10.0 = version = 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any javascript under admin's permission...
Jumpserver 跨站脚本漏洞
Jumpserver is an open source bastion machine from Hangzhou Feizhiyun Information Technology Co. in China. A security vulnerability exists in Jumpserver versions 2.10.0 through 2.26.0, which stems from improper filtering of user input. An attacker can exploit the vulnerability to execute arbitrary...
CVE-2022-42225
Jumpserver 2.10.0 = version = 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any javascript under admin's permission...
CVE-2022-42225
Jumpserver 2.10.0 = version = 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any javascript under admin's permission...
CVE-2022-42225
Jumpserver is affected by multiple stored XSS vulnerabilities in versions 2.10.0 through 2.26.0 due to improper filtering of user input, which can allow execution of arbitrary JavaScript with admin privileges. The documentation does not specify a fixed version; remediation guidance notes upgradin...
CVE-2023-28110
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the...
Design/Logic Flaw
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the...
CVE-2023-28110 JumpServer Koko vulnerable to Command Injection for Kubernetes Connection
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the...
CVE-2023-28110 JumpServer Koko vulnerable to Command Injection for Kubernetes Connection
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the...
CVE-2023-28110 JumpServer Koko vulnerable to Command Injection for Kubernetes Connection
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the...
CVE-2023-28110
CVE-2023-28110 affects Jumpserver’s Koko component (Go version of coco). Before v2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko enables a command injection that can disrupt the Koko container environment and impact normal operation. The issue has a fixed release in v...
Jumpserver 命令注入漏洞
Jumpserver is an open source bastion from Hangzhou Feizhiyun Information Technology Co. in China. A command injection vulnerability exists in Jumpserver versions prior to 2.28.8. Attackers use this vulnerability to connect to a Kubernetes cluster via Koko using an illegal token, resulting in the...
CVE-2021-3169
An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets...