247 matches found
CVE-2021-3169
An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets...
Design/Logic Flaw
An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets...
PT-2021-19475 · Unknown · Jumpserver
Name of the Vulnerable Software and Affected Versions: Jumpserver versions prior to 2.6.2; Jumpserver versions prior to 2.5.4; Jumpserver versions prior to 2.4.5. Description: An issue in Jumpserver allows attackers to create a connection token through an API which does not have access control and u...
Jumpserver Injection Vulnerability
Jumpserver is an open source bastion host from Hangzhou Feizhiyun Information Technology Co. in China. An injection vulnerability exists in Jumpserver versions 2.6.2 and below that allows an attacker to create a connection token via an API with no access control and use it to access sensitive...
CVE-2021-3169
An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets...
CVE-2021-3169
The CVE affects Jumpserver prior to versions 2.6.2, 2.5.4, and 2.4.5, where an API without access control allows attackers to create a connection token and use it to access sensitive assets. The root cause is an unauthenticated or inadequately validated token creation pathway that bypasses access...
Jumpserver bastion is vulnerable to logic flaws
Jumpserver is an open source bastion host, released under the GNU GPLv2.0 open source license, and is a professional operations audit system in line with the 4A standard. The Jumpserver bastion host has a logic flaw vulnerability that attackers can exploit to bypass MFA secondary authentication...