7 matches found
CVE-2023-42442
JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not...
Exploit for Improper Authentication in Fit2Cloud Jumpserver
CVE-2023-42442 CVE-2023-42442 – JumpServer Session recording...
Exploit for Improper Authentication in Fit2Cloud Jumpserver
BlackJump Chinese |...
Exploit for Improper Authentication in Fit2Cloud Jumpserver
BlackJump Chinese |...
Exploit for Improper Authentication in Fit2Cloud Jumpserver
Process of exploiting the JumpServer unauthorized acce...
CVE-2023-42442
Summary: CVE-2023-42442 affects JumpServer (3.0.0 up to versions before 3.5.5 and 3.6.4). The vulnerability is an authentication flaw in the API /api/v1/terminal/sessions/ that allows anonymous access, enabling information disclosure. Additionally, session replays can be downloaded without authen...
CVE-2023-42442 JumpServer session replays download without authentication
JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not...