24 matches found
CVE-2023-42820
JumpServer exposes the random number seed to its API, enabling replay of generated verification codes and potentially password resets. Affected versions include 2.28.19 and 3.6.5; upgrades to these versions are recommended. If MFA is enabled or if users are not using local authentication, they ar...
CVE-2023-43652
CVE-2023-43652 affects JumpServer (open source bastion host). An unauthenticated user can authenticate to the core API using a username and an SSH public key without a password or private key, enabling access to the current user’s information and authorized actions. The vulnerability stems from a...
CVE-2023-42819
CVE-2023-42819 is a directory traversal vulnerability in JumpServer. Authenticated users can access and modify arbitrary files via the API endpoint /api/v1/ops/playbook/{playbook_id}/file/?key=../../../../../../../etc/passwd, enabling file disclosure (and potential modification) on affected syste...
CVE-2025-27095
CVE-2025-27095 (JumpServer) affects JumpServer, an open source bastion host/O&M security audit system. Before versions 4.8.0 and 3.10.18, a low-privilege user can access the Kubernetes session feature and modify the kubeconfig file to redirect API requests to an attacker-controlled external serve...
CVE-2024-24763
JumpServer before v3.10.0 has an Open Redirect vulnerability (likely via the next parameter) that can redirect unauthenticated users to malicious URLs, enabling phishing and potential cross-site scripting. The issue is fixed in v3.10.0; upgrade to 3.10.0 or later. If not applicable, no workaround...
CVE-2024-29201
JumpServer (open source bastion host) has a vulnerability in its Ansible workflow that allows bypassing input validation to execute arbitrary code inside the Celery container, which runs with root privileges and has database access. Exploitation could lead to unauthorized data access or manipulat...
CVE-2023-43651
CVE-2023-43651 affects JumpServer, an open-source bastion host. The issue enables an authenticated user to exploit a vulnerability in MongoDB sessions via the koko WEB CLI to execute arbitrary commands and potentially gain root privileges on the host. The root cause is execution of arbitrary comm...
CVE-2024-29202
CVE-2024-29202 concerns JumpServer, an open source bastion host. Multiple connected sources confirm a Jinja2 template injection in JumpServer’s Ansible component that allows arbitrary code execution inside the Celery container. The Celery container reportedly runs with root privileges and has acc...
CVE-2023-42818
JumpServer (Koko SSH server) is affected: when MFA is enabled and a public key is used, the SSH private key is not verified, enabling brute-force attempts with a disclosed key. Patched in JumpServer versions 3.6.5 and 3.5.6; upgrade is advised. Multiple connected sources corroborate the issue and...
CVE-2023-42442
Summary: CVE-2023-42442 affects JumpServer (3.0.0 up to versions before 3.5.5 and 3.6.4). The vulnerability is an authentication flaw in the API /api/v1/terminal/sessions/ that allows anonymous access, enabling information disclosure. Additionally, session replays can be downloaded without authen...
CVE-2024-40628
CVE-2024-40628—JumpServer arbitrary file read : The vulnerability arises from exploiting an ansible playbook to read files inside the celery container, which runs as root and has database access. This can lead to sensitive data disclosure, theft of host secrets, creation of admin JumpServer accou...
CVE-2024-29020
JumpServer (open source bastion host and O&M security audit system) contains a confidentiality flaw where an authorized attacker can obtain sensitive data from playbook files if they learn another user’s playbook_id. Affected versions are before 3.10.6. The issue is fixed in v3.10.6; remediation ...
CVE-2024-29024
CVE-2024-29024 affects JumpServer; an authenticated user can abuse an Insecure Direct Object Reference (IDOR) in the file manager’s bulk transfer to manipulate job IDs and upload malicious files. Impact noted as compromising integrity/security of the system. Remediation: upgrade to version 3.10.6...
CVE-2023-43650
CVE-2023-43650 affects JumpServer and describes an authentication issue where the verification code used for password resets is not rate-limited, enabling brute-force attempts. The 6-digit code (000000–999999) is sent for password reset and can be targeted within a 1-minute window, potentially al...
CVE-2023-28110
CVE-2023-28110 affects Jumpserver’s Koko component (Go version of coco). Before v2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko enables a command injection that can disrupt the Koko container environment and impact normal operation. The issue has a fixed release in v...
CVE-2023-46123
CVE-2023-46123 describes a bypass of password brute-force protections in JumpServer’s Core API by spoofing arbitrary IP addresses, enabling attackers to perform unlimited password attempts. Affected: JumpServer (open source bastion/O&M system) prior to version 3.8.0. Mitigation: patch applied in ...
CVE-2024-40629
CVE-2024-40629 affects JumpServer PAM. An attacker can misuse an Ansible playbook to write arbitrary files, triggering remote code execution in the Celery container. The Celery container runs as root and has database access, enabling access to secrets and the possibility to create an admin JumpSe...
CVE-2025-62712
CVE-2025-62712 affects JumpServer. In versions before 3.10.20-lts and 4.10.11-lts, an authenticated, non-privileged user can retrieve other users’ connection tokens via the /api/v1/authentication/super-connection-token/ endpoint. When accessed through a browser, the endpoint returns tokens from a...
CVE-2023-48193
The CVE-2023-48193 entry concerns JumpServer GPLv3, version 3.8.0, with an Insecure Permissions vulnerability that allows a remote attacker to execute arbitrary code by bypassing the command filtering function. This is described across multiple sources (NVD/OSV) as a high-severity issue (CVSS 9.8...
CVE-2025-62795
JumpServer vulnerability CVE-2025-62795 affects JumpServer before v3.10.21-lts and v4.10.12-lts. A low-privileged authenticated user can bypass authorization by sending crafted messages to the /ws/ldap/ WebSocket endpoint, enabling LDAP configuration tests and LDAP synchronization. This could lea...
CVE-2023-46138
CVE-2023-46138 affects JumpServer prior to version 3.8.0, where the initial admin user used the default email domain [email protected]. Password resets occur via email, so if the domain mycompany.com is registered, this could affect password reset functionality. The issue is mitigated in versio...
CVE-2025-58044
JumpServer contains an Open Redirect vulnerability in the /core/i18n// API where the Referer header is used as a redirection target without proper validation. Affected versions are prior to 3.10.19 and prior to 4.10.5. The issue is fixed in JumpServer v3.10.19 and v4.10.5. Remediation: upgrade to...
CVE-2026-31864
JumpServer is affected by a Server-Side Template Injection (SSTI) in the Applet and VirtualApp upload flow. The manifest.yml is rendered with Jinja2 without sandboxing when processing user-uploaded ZIP packages, allowing template injection. Exploitation requires administrative privileges (Applica...
CVE-2026-31798
CVE-2026-31798 affects JumpServer’s Custom SMS API Client. The root cause is improper certificate validation, enabling an attacker to intercept MFA/OTP verification codes before delivery to the user’s phone. Impact is limited to credentials/OTP confidentiality with network exposure, as per the pr...