11 matches found
CVE-2025-27095
CVE-2025-27095 (JumpServer) affects JumpServer, an open source bastion host/O&M security audit system. Before versions 4.8.0 and 3.10.18, a low-privilege user can access the Kubernetes session feature and modify the kubeconfig file to redirect API requests to an attacker-controlled external serve...
CVE-2024-24763
JumpServer before v3.10.0 has an Open Redirect vulnerability (likely via the next parameter) that can redirect unauthenticated users to malicious URLs, enabling phishing and potential cross-site scripting. The issue is fixed in v3.10.0; upgrade to 3.10.0 or later. If not applicable, no workaround...
CVE-2023-42818
JumpServer (Koko SSH server) is affected: when MFA is enabled and a public key is used, the SSH private key is not verified, enabling brute-force attempts with a disclosed key. Patched in JumpServer versions 3.6.5 and 3.5.6; upgrade is advised. Multiple connected sources corroborate the issue and...
CVE-2023-28110
CVE-2023-28110 affects Jumpserver’s Koko component (Go version of coco). Before v2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko enables a command injection that can disrupt the Koko container environment and impact normal operation. The issue has a fixed release in v...
CVE-2023-46123
CVE-2023-46123 describes a bypass of password brute-force protections in JumpServer’s Core API by spoofing arbitrary IP addresses, enabling attackers to perform unlimited password attempts. Affected: JumpServer (open source bastion/O&M system) prior to version 3.8.0. Mitigation: patch applied in ...
CVE-2025-62712
CVE-2025-62712 affects JumpServer. In versions before 3.10.20-lts and 4.10.11-lts, an authenticated, non-privileged user can retrieve other users’ connection tokens via the /api/v1/authentication/super-connection-token/ endpoint. When accessed through a browser, the endpoint returns tokens from a...
CVE-2025-62795
JumpServer vulnerability CVE-2025-62795 affects JumpServer before v3.10.21-lts and v4.10.12-lts. A low-privileged authenticated user can bypass authorization by sending crafted messages to the /ws/ldap/ WebSocket endpoint, enabling LDAP configuration tests and LDAP synchronization. This could lea...
CVE-2023-46138
CVE-2023-46138 affects JumpServer prior to version 3.8.0, where the initial admin user used the default email domain [email protected]. Password resets occur via email, so if the domain mycompany.com is registered, this could affect password reset functionality. The issue is mitigated in versio...
CVE-2025-58044
JumpServer contains an Open Redirect vulnerability in the /core/i18n// API where the Referer header is used as a redirection target without proper validation. Affected versions are prior to 3.10.19 and prior to 4.10.5. The issue is fixed in JumpServer v3.10.19 and v4.10.5. Remediation: upgrade to...
CVE-2026-31864
JumpServer is affected by a Server-Side Template Injection (SSTI) in the Applet and VirtualApp upload flow. The manifest.yml is rendered with Jinja2 without sandboxing when processing user-uploaded ZIP packages, allowing template injection. Exploitation requires administrative privileges (Applica...
CVE-2026-31798
CVE-2026-31798 affects JumpServer’s Custom SMS API Client. The root cause is improper certificate validation, enabling an attacker to intercept MFA/OTP verification codes before delivery to the user’s phone. Impact is limited to credentials/OTP confidentiality with network exposure, as per the pr...