CVE-2025-27095 JumpServer has a Kubernetes Token Leak Vulnerability
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to 4.8.0 and 3.10.18, an attacker with a low-privileged account can access the Kubernetes session feature and manipulate the kubeconfig file to redirect API requests to an external server...
CVE-2024-29202 JumpServer vulnerable to Jinja2 template injection in Ansible leads to RCE in Celery
JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and...
CVE-2024-29024 JumpServer Direct Object Reference (IDOR) Vulnerability in File Manager Bulk Transfer Functionality
JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files, potentially compromisi...
CVE-2023-46138 JumpServer default admin user email leak password reset
JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...
CVE-2023-46138
CVE-2023-46138 affects JumpServer prior to version 3.8.0, where the initial admin user used the default email domain [email protected]. Password resets occur via email, so if the domain mycompany.com is registered, this could affect password reset functionality. The issue is mitigated in versio...
Design/Logic Flaw
JumpServer is an open source bastion host and professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability,...
Command Execution Vulnerability in Tianyue Network Security Audit System of Qixingchen Information Technology Group Co. Ltd (CNVD-2023-85472)
Providence Peak Network Security Audit System is a compliance management system for fine-grained auditing of network operation behaviors in business environments. A command execution vulnerability exists in the Tianyue Network Security Audit System of Qixing Information Technology Group Co., Ltd,...
Command Execution Vulnerability in Black Shield Network Security Audit System of Fujian Strait Information Technology Co.
Fujian Strait Information Technology Co., Ltd. is one of the earliest companies in China specializing in independent research and development of network security, product sales and security services. A command execution vulnerability exists in the BlackShield Network Security Audit System of Fuji...
Command execution vulnerability in Qixingchen Tianyue Network Security Audit System (CNVD-2023-71706)
Providence Peak Network Security Audit System is a compliance management system for fine-grained auditing of users' operations on core IT assets and servers in the network in a business environment. A command execution vulnerability exists in Tianyue Network Security Audit System, which can be...
Weak Password Vulnerability in Black Shield Network Security Audit System
Fujian Strait Information Technology Co., Ltd. is a state-controlled high-tech enterprise specializing in technical research in the network security field, product sales, information security services and other businesses. A weak password vulnerability exists in the Black Shield Network...
Weak password vulnerability in SAS security audit system
SAS Security Audit System is a bastion host developed by Green Alliance Technology. SAS Security Audit System has a weak password vulnerability that can be exploited by attackers to obtain sensitive information...
File Upload Vulnerability in SecFox Security Audit System
SecFox Security Audit System is a security audit system of NetShen Information Technology Beijing Co. A file upload vulnerability exists in SecFox Security Audit System, which can be exploited by attackers to gain control of the server...
Information Disclosure Vulnerability in Built-in Reports of Renzi Network Security Audit System
Ltd. is the most comprehensive provider of large-scale cyberspace security protection solutions in China. There is an information leakage vulnerability in the built-in report of Renzihang Network Security Audit System, which can be exploited by an attacker to obtain the login password and log int...
Command Execution Vulnerability in Renzihang Cloud Ops Security Audit System
RENZHOU Cloud O&M Security Audit System is a powerful support platform for enterprise and public utility IT systems' internal pre-prevention, mid-monitoring, and post-auditing. A command execution vulnerability exists in RENZIHANG Cloud O&M Security Audit System, which can be exploited by attacke...
LOGBASE Operations Security Management System suffers from weak password vulnerability
LogBase O&M Security Management System is a new generation of operational behavior management security audit system. A weak password vulnerability exists in the LOGBASE Operations and Maintenance Security Management System. The vulnerability is due to the system not being set up for the first login ...
Weak Password Vulnerability in NetSense SecFox Security Audit System
SecFox Security Audit System is a security audit system of NetShen Information Technology Beijing Co. A weak password vulnerability exists in NetShen SecFox Security Audit System, which can be exploited by attackers to obtain sensitive information...
SecFox Security Audit System V5 suffers from Arbitrary File Download Vulnerability
SecFox Security Audit System V5 is a security audit system. SecFox Security Audit System V5 suffers from an arbitrary file download vulnerability. An attacker can exploit the vulnerability to download arbitrary files...
NetSense SecFox Security Audit System suffers from s2-045 Remote Command Execution Vulnerability
SecFox Security Audit System is a security audit system of NetShen Information Technology Co. NetShen SecFox Security Audit System suffers from an S2-045 remote command execution vulnerability. It allows an attacker to perform command execution and gain server privileges by adding a payload when...