Jumpserver Security Vulnerabilities and Issues — Jumpserver CVE List

Lucene search

Fit2cloudJumpserver

4 matches found

CVE•added 2024/03/29 3:15 p.m.•77 views

CVE-2024-29201

JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input validation mechanism in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has database ...

9.9CVSS9.6AI score0.55004EPSS

CVE•added 2024/03/29 3:15 p.m.•77 views

CVE-2024-29202

JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and h...

9.9CVSS9.5AI score0.68083EPSS

CVE•added 2024/03/29 3:15 p.m.•58 views

CVE-2024-29020

JumpServer is an open source bastion host and an operation and maintenance security audit system. An authorized attacker can obtain sensitive information contained within playbook files if they manage to learn the playbook_id of another user. This breach of confidentiality can lead to information d...

5.3CVSS4.4AI score0.00113EPSS

CVE•added 2024/03/29 3:15 p.m.•55 views

CVE-2024-29024

JumpServer is an open source bastion host and an operation and maintenance security audit system.An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files, potentially compromisin...

5.3CVSS4.6AI score0.00092EPSS