2 matches found
CVE-2024-29201 JumpServer's insecure Ansible playbook validation leads to RCE in Celery
JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input validation mechanism in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has databas...
CVE-2024-29201
JumpServer (open source bastion host) has a vulnerability in its Ansible workflow that allows bypassing input validation to execute arbitrary code inside the Celery container, which runs with root privileges and has database access. Exploitation could lead to unauthorized data access or manipulat...