7 matches found
CVE-2023-42820
JumpServer is an open source bastion host. This vulnerability is due to exposing the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, which could lead to password resets. If MFA is enabled users are not affect. Users not using local...
Exploit for Improper Authentication in Fit2Cloud Jumpserver
BlackJump Chinese |...
Exploit for Improper Authentication in Fit2Cloud Jumpserver
BlackJump Chinese |...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Fit2Cloud Jumpserver
CVE-2023-42820 CVE-2023-42820 Vulnerability Description...
CVE-2023-42820
JumpServer is an open source bastion host. This vulnerability is due to exposing the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, which could lead to password resets. If MFA is enabled users are not affect. Users not using local...
CVE-2023-42820
JumpServer is an open source bastion host. This vulnerability is due to exposing the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, which could lead to password resets. If MFA is enabled users are not affect. Users not using local...
CVE-2023-42820
JumpServer exposes the random number seed to its API, enabling replay of generated verification codes and potentially password resets. Affected versions include 2.28.19 and 3.6.5; upgrades to these versions are recommended. If MFA is enabled or if users are not using local authentication, they ar...