
247 matches found

Vulnrichment
added 2023/09/15 8:29 p.m. · 18 views

CVE-2023-42442 JumpServer session replays download without authentication

JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not...

8.2 CVSS · 6.7 AI score · 0.55861 EPSS
Exploits 5 · References 3
OSV
added 2023/09/15 8:29 p.m. · 24 views

CVE-2023-42442 JumpServer session replays download without authentication

JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not...

8.2 CVSS · 5.4 AI score · 0.55861 EPSS
Exploits 5 · References 5
CNNVD
added 2023/09/15 12:00 a.m. · 3 views

Jumpserver Authorization Issues Vulnerability

Jumpserver is an open source bastion machine from Hangzhou Feizhiyun Information Technology Co. in China. JumpServer suffers from an authorization issue vulnerability that stems from downloading session replays without authentication...

8.2 CVSS · 6.8 AI score · 0.55861 EPSS
Exploits 5 · References 5
Positive Technologies
added 2023/09/14 12:00 a.m. · 7 views

PT-2023-5833 · Unknown · Jumpserver

Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 2.28.19; JumpServer versions prior to 3.6.5. Description: The issue is related to the exposure of the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, whi...

8.2 CVSS · 8.1 AI score · 0.05404 EPSS
Exploits 4 · References 20
ATTACKERKB
added 2023/05/24 8:15 p.m. · 2 views

CVE-2022-42225

Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any javascript under admin's permission...

5.4 CVSS · 5.9 AI score · 0.00735 EPSS
Exploits 1 · References 6
NVD
added 2023/05/24 8:15 p.m. · 32 views

CVE-2022-42225

Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any javascript under admin's permission...

5.4 CVSS · 5.6 AI score · 0.00735 EPSS
Exploits 1 · References 5
OSV
added 2023/05/24 8:15 p.m. · 16 views

CVE-2022-42225

Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any javascript under admin's permission...

5.4 CVSS · 6.3 AI score
Exploits 0 · References 5
Prion
added 2023/05/24 8:15 p.m. · 26 views

Cross site scripting

Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any javascript under admin's permission...

4.9 CVSS · 5.6 AI score · 0.00735 EPSS
Exploits 1 · References 5 · Affected Software 1
CNNVD
added 2023/05/24 12:00 a.m. · 10 views

Jumpserver Cross-Site Scripting Vulnerability

Jumpserver is an open source bastion machine from Hangzhou Feizhiyun Information Technology Co. in China. A security vulnerability exists in Jumpserver versions 2.10.0 through 2.26.0, which stems from improper filtering of user input. An attacker can exploit the vulnerability to execute arbitrary...

5.4 CVSS · 6.1 AI score · 0.00735 EPSS
Exploits 1 · References 6
Cvelist
added 2023/05/24 12:00 a.m. · 33 views

CVE-2022-42225

Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any javascript under admin's permission...

5.7 AI score · 0.00735 EPSS
Exploits 1 · References 5
Vulnrichment
added 2023/05/24 12:00 a.m. · 11 views

CVE-2022-42225

Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any javascript under admin's permission...

5.7 AI score · 0.00735 EPSS
Exploits 1 · References 5
CVE
added 2023/05/24 12:00 a.m. · 62 views

CVE-2022-42225

Jumpserver is affected by multiple stored XSS vulnerabilities in versions 2.10.0 through 2.26.0 due to improper filtering of user input, which can allow execution of arbitrary JavaScript with admin privileges. The documentation does not specify a fixed version; remediation guidance notes upgradin...

5.4 CVSS · 5.5 AI score · 0.00735 EPSS
Exploits 1 · References 5 · Affected Software 1
NVD
added 2023/03/16 5:15 p.m. · 24 views

CVE-2023-28110

Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the...

9.9 CVSS · 6.7 AI score · 0.00848 EPSS
Exploits 1 · References 2
Prion
added 2023/03/16 5:15 p.m. · 18 views

Design/Logic Flaw

Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the...

6.5 CVSS · 9.4 AI score · 0.00848 EPSS
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2023/03/16 4:18 p.m. · 10 views

CVE-2023-28110 JumpServer Koko vulnerable to Command Injection for Kubernetes Connection

Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the...

5.7 CVSS · 9.6 AI score · 0.00848 EPSS
Exploits 1 · References 2
OSV
added 2023/03/16 4:18 p.m. · 23 views

CVE-2023-28110 JumpServer Koko vulnerable to Command Injection for Kubernetes Connection

Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the...

5.7 CVSS · 9 AI score · 0.00848 EPSS
Exploits 1 · References 4
Cvelist
added 2023/03/16 4:18 p.m. · 32 views

CVE-2023-28110 JumpServer Koko vulnerable to Command Injection for Kubernetes Connection

Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the...

5.7 CVSS · 9.7 AI score · 0.00848 EPSS
Exploits 1 · References 2
CVE
added 2023/03/16 4:18 p.m. · 67 views

CVE-2023-28110

CVE-2023-28110 affects Jumpserver's Koko component (Go version of coco). Before v2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko enables a command injection that can disrupt the Koko container environment and impact normal operation. The issue has a fixed release in v...

9.9 CVSS · 7.6 AI score · 0.00848 EPSS
Exploits 1 · References 2 · Affected Software 2
CNNVD
added 2023/03/16 12:00 a.m. · 14 views

Jumpserver Command Injection Vulnerability

Jumpserver is an open source bastion from Hangzhou Feizhiyun Information Technology Co. in China. A command injection vulnerability exists in Jumpserver versions prior to 2.28.8. Attackers use this vulnerability to connect to a Kubernetes cluster via Koko using an illegal token, resulting in the...

9.9 CVSS · 8.6 AI score · 0.00848 EPSS
Exploits 1 · References 3
NVD
added 2021/07/23 9:15 p.m. · 24 views

CVE-2021-3169

An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets...

10 CVSS · 0.0275 EPSS
Exploits 0 · References 3