Fit2cloud Jumpserver

4 matches found

CVE | added 2024/03/29 3:15 p.m. | 58 views

CVE-2024-29020

JumpServer is an open source bastion host and an operation and maintenance security audit system. An authorized attacker can obtain sensitive information contained within playbook files if they manage to learn the playbook_id of another user. This breach of confidentiality can lead to information d...

CVSS 5.3 | AI score 4.4 | EPSS 0.00113

CVE | added 2024/03/29 3:15 p.m. | 55 views

CVE-2024-29024

JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files, potentially compromisin...

CVSS 5.3 | AI score 4.6 | EPSS 0.00092

CVE | added 2023/10/25 6:17 p.m. | 48 views

CVE-2023-46123

jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability, a...

CVSS 5.3 | AI score 5.5 | EPSS 0.00682

CVE | added 2023/10/31 12:15 a.m. | 25 views

CVE-2023-46138

JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is admin[@]mycompany[.]com, and users reset their passwords by sending an email. Currently, the domain mycompany.com...

CVSS 5.3 | AI score 4.9 | EPSS 0.00041