CVE-2025-62712 JumpServer Connection Token Leak Vulnerability
JumpServer is an open source bastion host and an operation and maintenance security audit system. In JumpServer versions prior to v3.10.20-lts and v4.10.11-lts, an authenticated, non-privileged user can retrieve connection tokens belonging to other users via the super-connection API endpoint...
CVE-2025-62712
CVE-2025-62712 affects JumpServer. In versions before 3.10.20-lts and 4.10.11-lts, an authenticated, non-privileged user can retrieve other users’ connection tokens via the /api/v1/authentication/super-connection-token/ endpoint. When accessed through a browser, the endpoint returns tokens from a...
PT-2025-44436
Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 3.10.21-lts; JumpServer versions prior to 4.10.12-lts. Description: JumpServer, an open source bastion host and operation and maintenance security audit system, contains an issue where a low-privileged authenticated...
PT-2025-44428
Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to v3.10.20-lts and v4.10.11-lts. Description: JumpServer is an open source bastion host and an operation and maintenance security audit system. In affected versions, an authenticated, non-privileged user can retrieve...
JumpServer Security Vulnerability
JumpServer is an open source bastion host from Feizhiyun Information Technology, based in Hangzhou, China. A security vulnerability exists in JumpServer versions prior to v3.10.20-lts and prior to v4.10.11-lts, which stems from a SuperConnect API endpoint that does not properly restrict acce...
JumpServer Security Vulnerability
JumpServer is an open source bastion host from Feizhiyun Information Technology, based in Hangzhou, China. A security vulnerability exists in JumpServer versions prior to v3.10.21-lts and prior to v4.10.12-lts, which originates from a specially crafted message that can be used by a...
EUVD-2025-8756
Malicious code in bioql PyPI...
EUVD-2023-48042
Malicious code in bioql PyPI...
EUVD-2023-52273
Malicious code in bioql PyPI...
EUVD-2024-38548
Malicious code in bioql PyPI...
EUVD-2024-26084
Malicious code in bioql PyPI...
EUVD-2023-48043
Malicious code in bioql PyPI...
EUVD-2023-50378
Malicious code in bioql PyPI...
EUVD-2024-38549
Malicious code in bioql PyPI...
EUVD-2022-45301
Malicious code in bioql PyPI...
EUVD-2023-31828
Malicious code in bioql PyPI...
SUSE CVE-2023-42818
JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication...
GO-2025-3570 SSH public key login without private key challenge if mfa is enabled in jumpserver in github.com/jumpserver/koko in github.com/jumpserver/jumpserver
SSH public key login without private key challenge if mfa is enabled in jumpserver in github.com/jumpserver/koko in github.com/jumpserver/jumpserver...
Improper Certificate Validation
Overview: Affected versions of this package are vulnerable to Improper Certificate Validation via a vulnerable LeeEirc\crypto dependency. An attacker can utilize a disclosed public key to attempt brute-force authentication against the SSH service. Note: While the vulnerability exists in...