Lucene search
K
Fit2cloudJumpserver

24 matches found

CVE
CVE
added 2023/09/26 8:35 p.m.2679 views

CVE-2023-42820

JumpServer exposes the random number seed to its API, enabling replay of generated verification codes and potentially password resets. Affected versions include 2.28.19 and 3.6.5; upgrades to these versions are recommended. If MFA is enabled or if users are not using local authentication, they ar...

8.2CVSS7.5AI score0.05404EPSS
In wild
CVE
CVE
added 2023/09/27 6:31 p.m.2517 views

CVE-2023-43652

CVE-2023-43652 affects JumpServer (open source bastion host). An unauthenticated user can authenticate to the core API using a username and an SSH public key without a password or private key, enabling access to the current user’s information and authorized actions. The vulnerability stems from a...

9.1CVSS9AI score0.00675EPSS
CVE
CVE
added 2023/09/26 8:40 p.m.2501 views

CVE-2023-42819

CVE-2023-42819 is a directory traversal vulnerability in JumpServer. Authenticated users can access and modify arbitrary files via the API endpoint /api/v1/ops/playbook/{playbook_id}/file/?key=../../../../../../../etc/passwd, enabling file disclosure (and potential modification) on affected syste...

8.9CVSS8.6AI score0.01856EPSS
Web
CVE
CVE
added 2025/03/31 3:8 p.m.147 views

CVE-2025-27095

CVE-2025-27095 (JumpServer) affects JumpServer, an open source bastion host/O&M security audit system. Before versions 4.8.0 and 3.10.18, a low-privilege user can access the Kubernetes session feature and modify the kubeconfig file to redirect API requests to an attacker-controlled external serve...

4.3CVSS4.5AI score0.00307EPSS
CVE
CVE
added 2024/02/20 5:35 p.m.105 views

CVE-2024-24763

JumpServer before v3.10.0 has an Open Redirect vulnerability (likely via the next parameter) that can redirect unauthenticated users to malicious URLs, enabling phishing and potential cross-site scripting. The issue is fixed in v3.10.0; upgrade to 3.10.0 or later. If not applicable, no workaround...

6.1CVSS4.5AI score0.01057EPSS
CVE
CVE
added 2024/03/29 2:57 p.m.97 views

CVE-2024-29201

JumpServer (open source bastion host) has a vulnerability in its Ansible workflow that allows bypassing input validation to execute arbitrary code inside the Celery container, which runs with root privileges and has database access. Exploitation could lead to unauthorized data access or manipulat...

9.9CVSS9.6AI score0.05939EPSS
CVE
CVE
added 2023/09/27 8:24 p.m.96 views

CVE-2023-43651

CVE-2023-43651 affects JumpServer, an open-source bastion host. The issue enables an authenticated user to exploit a vulnerability in MongoDB sessions via the koko WEB CLI to execute arbitrary commands and potentially gain root privileges on the host. The root cause is execution of arbitrary comm...

9.9CVSS9.7AI score0.01716EPSS
CVE
CVE
added 2024/03/29 2:57 p.m.94 views

CVE-2024-29202

CVE-2024-29202 concerns JumpServer, an open source bastion host. Multiple connected sources confirm a Jinja2 template injection in JumpServer’s Ansible component that allows arbitrary code execution inside the Celery container. The Celery container reportedly runs with root privileges and has acc...

9.9CVSS9.5AI score0.05939EPSS
CVE
CVE
added 2023/09/27 8:28 p.m.76 views

CVE-2023-42818

JumpServer (Koko SSH server) is affected: when MFA is enabled and a public key is used, the SSH private key is not verified, enabling brute-force attempts with a disclosed key. Patched in JumpServer versions 3.6.5 and 3.5.6; upgrade is advised. Multiple connected sources corroborate the issue and...

9.8CVSS7.4AI score0.00582EPSS
CVE
CVE
added 2023/09/15 8:29 p.m.74 views

CVE-2023-42442

Summary: CVE-2023-42442 affects JumpServer (3.0.0 up to versions before 3.5.5 and 3.6.4). The vulnerability is an authentication flaw in the API /api/v1/terminal/sessions/ that allows anonymous access, enabling information disclosure. Additionally, session replays can be downloaded without authen...

8.2CVSS6.5AI score0.55861EPSS
Web
CVE
CVE
added 2024/07/18 5:5 p.m.74 views

CVE-2024-40628

CVE-2024-40628—JumpServer arbitrary file read : The vulnerability arises from exploiting an ansible playbook to read files inside the celery container, which runs as root and has database access. This can lead to sensitive data disclosure, theft of host secrets, creation of admin JumpServer accou...

10CVSS9.2AI score0.00861EPSS
CVE
CVE
added 2024/03/29 2:46 p.m.72 views

CVE-2024-29020

JumpServer (open source bastion host and O&M security audit system) contains a confidentiality flaw where an authorized attacker can obtain sensitive data from playbook files if they learn another user’s playbook_id. Affected versions are before 3.10.6. The issue is fixed in v3.10.6; remediation ...

5.3CVSS4.4AI score0.00292EPSS
CVE
CVE
added 2024/03/29 2:45 p.m.69 views

CVE-2024-29024

CVE-2024-29024 affects JumpServer; an authenticated user can abuse an Insecure Direct Object Reference (IDOR) in the file manager’s bulk transfer to manipulate job IDs and upload malicious files. Impact noted as compromising integrity/security of the system. Remediation: upgrade to version 3.10.6...

5.3CVSS4.6AI score0.00235EPSS
CVE
CVE
added 2023/09/27 6:33 p.m.68 views

CVE-2023-43650

CVE-2023-43650 affects JumpServer and describes an authentication issue where the verification code used for password resets is not rate-limited, enabling brute-force attempts. The 6-digit code (000000–999999) is sent for password reset and can be targeted within a 1-minute window, potentially al...

8.2CVSS7.9AI score0.00505EPSS
CVE
CVE
added 2023/03/16 4:18 p.m.67 views

CVE-2023-28110

CVE-2023-28110 affects Jumpserver’s Koko component (Go version of coco). Before v2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko enables a command injection that can disrupt the Koko container environment and impact normal operation. The issue has a fixed release in v...

9.9CVSS7.6AI score0.00848EPSS
CVE
CVE
added 2023/10/25 12:13 a.m.63 views

CVE-2023-46123

CVE-2023-46123 describes a bypass of password brute-force protections in JumpServer’s Core API by spoofing arbitrary IP addresses, enabling attackers to perform unlimited password attempts. Affected: JumpServer (open source bastion/O&M system) prior to version 3.8.0. Mitigation: patch applied in ...

5.3CVSS5.5AI score0.00705EPSS
CVE
CVE
added 2024/07/18 5:4 p.m.63 views

CVE-2024-40629

CVE-2024-40629 affects JumpServer PAM. An attacker can misuse an Ansible playbook to write arbitrary files, triggering remote code execution in the Celery container. The Celery container runs as root and has database access, enabling access to secrets and the possibility to create an admin JumpSe...

10CVSS9.9AI score0.01272EPSS
CVE
CVE
added 2025/10/30 4:8 p.m.59 views

CVE-2025-62712

CVE-2025-62712 affects JumpServer. In versions before 3.10.20-lts and 4.10.11-lts, an authenticated, non-privileged user can retrieve other users’ connection tokens via the /api/v1/authentication/super-connection-token/ endpoint. When accessed through a browser, the endpoint returns tokens from a...

9.6CVSS6.3AI score0.00468EPSS
CVE
CVE
added 2023/11/28 12:0 a.m.45 views

CVE-2023-48193

The CVE-2023-48193 entry concerns JumpServer GPLv3, version 3.8.0, with an Insecure Permissions vulnerability that allows a remote attacker to execute arbitrary code by bypassing the command filtering function. This is described across multiple sources (NVD/OSV) as a high-severity issue (CVSS 9.8...

9.8CVSS9.8AI score0.01963EPSS
CVE
CVE
added 2025/10/30 4:56 p.m.42 views

CVE-2025-62795

JumpServer vulnerability CVE-2025-62795 affects JumpServer before v3.10.21-lts and v4.10.12-lts. A low-privileged authenticated user can bypass authorization by sending crafted messages to the /ws/ldap/ WebSocket endpoint, enabling LDAP configuration tests and LDAP synchronization. This could lea...

7.1CVSS6.3AI score0.0026EPSS
CVE
CVE
added 2023/10/30 11:53 p.m.41 views

CVE-2023-46138

CVE-2023-46138 affects JumpServer prior to version 3.8.0, where the initial admin user used the default email domain [email protected]. Password resets occur via email, so if the domain mycompany.com is registered, this could affect password reset functionality. The issue is mitigated in versio...

5.3CVSS4.9AI score0.00316EPSS
CVE
CVE
added 2025/12/01 8:17 p.m.35 views

CVE-2025-58044

JumpServer contains an Open Redirect vulnerability in the /core/i18n// API where the Referer header is used as a redirection target without proper validation. Affected versions are prior to 3.10.19 and prior to 4.10.5. The issue is fixed in JumpServer v3.10.19 and v4.10.5. Remediation: upgrade to...

6.9CVSS6.4AI score0.00442EPSS
CVE
CVE
added 2026/03/13 7:22 p.m.15 views

CVE-2026-31864

JumpServer is affected by a Server-Side Template Injection (SSTI) in the Applet and VirtualApp upload flow. The manifest.yml is rendered with Jinja2 without sandboxing when processing user-uploaded ZIP packages, allowing template injection. Exploitation requires administrative privileges (Applica...

6.8CVSS6.2AI score0.00347EPSS
CVE
CVE
added 2026/03/13 7:15 p.m.13 views

CVE-2026-31798

CVE-2026-31798 affects JumpServer’s Custom SMS API Client. The root cause is improper certificate validation, enabling an attacker to intercept MFA/OTP verification codes before delivery to the user’s phone. Impact is limited to credentials/OTP confidentiality with network exposure, as per the pr...

5CVSS5.9AI score0.00097EPSS