3 matches found
CVE-2023-43652 Non-MFA account takeover via using only SSH public key to login in jumpserver
JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the corresponding SSH private key. An SSH public key should be considered public knowledge and should not used ...
CVE-2023-43652 Non-MFA account takeover via using only SSH public key to login in jumpserver
JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the corresponding SSH private key. An SSH public key should be considered public knowledge and should not used ...
CVE-2023-43652
CVE-2023-43652 affects JumpServer (open source bastion host). An unauthenticated user can authenticate to the core API using a username and an SSH public key without a password or private key, enabling access to the current user’s information and authorized actions. The vulnerability stems from a...