Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
Fit2cloudJumpserver2.0.0

3 matches found

CVE
CVEadded 2023/09/27 7:15 p.m.2498 views

CVE-2023-43652

JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the corresponding SSH private key. An SSH public key should be considered public knowledge and should not used as...

9.1CVSS9AI score0.00629EPSS
CVE
CVEadded 2023/09/27 9:15 p.m.78 views

CVE-2023-43651

JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the system. Through the WEB CLI interface provided...

9.9CVSS9.7AI score0.13919EPSS
CVE
CVEadded 2023/09/27 7:15 p.m.56 views

CVE-2023-43650

JumpServer is an open source bastion host. The verification code for resetting user's password is vulnerable to brute-force attacks due to the absence of rate limiting. JumpServer provides a feature allowing users to reset forgotten passwords. Affected users are sent a 6-digit verification code, ra...

8.2CVSS7.9AI score0.00391EPSS