3 matches found
CVE-2023-42819
JumpServer is an open source bastion host. Logged-in users can access and modify the contents of any file on the system. A user can use the 'Job-Template' menu and create a playbook named 'test'. Get the playbook id from the detail page, like 'e0adabef-c38f-492d-bd92-832bacc3df5f'. An attacker ca...
Exploit for Path Traversal in Fit2Cloud Jumpserver
CVE-2023-42819 CVE-2023-42819 Description of the Vulne...
CVE-2023-42819
CVE-2023-42819 is a directory traversal vulnerability in JumpServer. Authenticated users can access and modify arbitrary files via the API endpoint /api/v1/ops/playbook/{playbook_id}/file/?key=../../../../../../../etc/passwd, enabling file disclosure (and potential modification) on affected syste...