EUVD-2023-31828
Malicious code in bioql PyPI...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation via a vulnerable LeeEirc\crypto dependency. An attacker can utilize a disclosed public key to attempt brute-force authentication against the SSH service. Note: While the vulnerability exists in...
CVE-2023-28110
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the...
Jumpserver Koko vulnerable to remote code execution on the host system via MongoDB shell
Impact An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the host system. Details Through the WEB CLI interface provided by koko, a user logs...
CVE-2023-28110 JumpServer Koko vulnerable to Command Injection for Kubernetes Connection
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the...