Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fit2cloud jumpserver vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-48193
Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote malicious user to execute arbitrary code via bypassing the command filtering function.
Fit2cloud Jumpserver 3.8.0
NA
CVE-2023-46138
JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is `admin[@]mycompany[.]com`, and users reset their passwords by sending an email. Currently, the...
Fit2cloud Jumpserver
NA
CVE-2023-46123
jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows malicious users to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploit...
Fit2cloud Jumpserver
NA
CVE-2023-43651
JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the system. Through the WEB CLI...
Fit2cloud Jumpserver
1 Github repository
NA
CVE-2023-42818
JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force au...
Fit2cloud Jumpserver
NA
CVE-2023-43650
JumpServer is an open source bastion host. The verification code for resetting user's password is vulnerable to brute-force attacks due to the absence of rate limiting. JumpServer provides a feature allowing users to reset forgotten passwords. Affected users are sent a 6-dig...
Fit2cloud Jumpserver
NA
CVE-2023-43652
JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the corresponding SSH private key. An SSH public key should be considered public knowledge and...
Fit2cloud Jumpserver
NA
CVE-2023-42820
JumpServer is an open source bastion host. This vulnerability is due to exposing the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, which could lead to password resets. If MFA is enabled users are not affect. Users no...
Fit2cloud Jumpserver
5 Github repositories
NA
CVE-2023-42819
JumpServer is an open source bastion host. Logged-in users can access and modify the contents of any file on the system. A user can use the 'Job-Template' menu and create a playbook named 'test'. Get the playbook id from the detail page, like 'e0adabef-c3...
Fit2cloud Jumpserver
2 Github repositories
NA
CVE-2023-42442
JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud st...
Fit2cloud Jumpserver
5 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »