2 matches found
CVE-2021-3169
An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets...
CVE-2021-3169
The CVE affects Jumpserver prior to versions 2.6.2, 2.5.4, and 2.4.5, where an API without access control allows attackers to create a connection token and use it to access sensitive assets. The root cause is an unauthenticated or inadequately validated token creation pathway that bypasses access...