15 matches found
CVE-2024-29202
JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and...
CVE-2024-29201
JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input validation mechanism in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has databas...
CVE-2024-40629
JumpServer is an open-source Privileged Access Management PAM tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the Ansible playbook to write arbitrary files, leading to...
CVE-2024-40628
JumpServer is an open-source Privileged Access Management PAM tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the ansible playbook to read arbitrary files in the celery...
CVE-2024-40629
JumpServer is an open-source Privileged Access Management PAM tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the Ansible playbook to write arbitrary files, leading to...
CVE-2024-40628 Arbitrary File Read in Ansible Playbooks in Jumpserver
JumpServer is an open-source Privileged Access Management PAM tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the ansible playbook to read arbitrary files in the celery...
CVE-2024-40628 Arbitrary File Read in Ansible Playbooks in Jumpserver
JumpServer is an open-source Privileged Access Management PAM tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the ansible playbook to read arbitrary files in the celery...
PT-2024-5027 · Unknown · Jumpserver
Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 3.10.12 JumpServer versions prior to 4.0.0 Description: JumpServer is an open-source Privileged Access Management PAM tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes...
PT-2024-5028 · Unknown +2 · Jumpserver +2
Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 3.10.12 JumpServer versions prior to 4.0.0 Description: The issue is related to the JumpServer Privileged Access Management PAM tool, which provides secure access to various endpoints through a web browser. An...
CVE-2024-29201 JumpServer's insecure Ansible playbook validation leads to RCE in Celery
JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input validation mechanism in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has databas...
CVE-2024-29201
JumpServer (open source bastion host) has a vulnerability in its Ansible workflow that allows bypassing input validation to execute arbitrary code inside the Celery container, which runs with root privileges and has database access. Exploitation could lead to unauthorized data access or manipulat...
JumpServer 安全漏洞
JumpServer is an open source bastion machine from China's Hangzhou Feizhiyun Information Technology Co. A security vulnerability exists in JumpServer versions prior to v3.10.7, which stems from a vulnerability that allows an attacker to bypass the input validation mechanism in JumpServer's Ansibl...
JumpServer 代码注入漏洞
JumpServer is an open source bastion machine from China's Hangzhou Feizhiyun Information Technology Co. A security vulnerability exists in JumpServer versions prior to v3.10.7, which stems from a vulnerability that allows an attacker to exploit a Jinja2 template injection vulnerability in...
PT-2024-4192 · Unknown · Jumpserver
Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 3.10.7 Description: The issue is related to insufficient input validation in JumpServer's Ansible, allowing remote attackers to bypass the input validation mechanism and execute arbitrary code within the Celery...
PT-2024-22804
Name of the Vulnerable Software and Affected Versions JumpServer versions prior to 3.10.7 Description JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execut...