CVE-2023-42820
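Vulnerability description: JumpServer password reset vulnerability. Usage: computing the verification code requires specifying the username that belongs to the given email address; when run, the script automatically determines whether the vulnerability is present and attempts to compute the verification code. `python CVE-2023-42820py -t IP:Port -e email -u username`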
JumpServer is an open source bastion host. This vulnerability is due to exposing the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, which could lead to password resets. If MFA is enabled, users are not affected. Users not using local authentication are also not affected. Users are advised to upgrade to either version 2.28.19 or to 3.6.5. There are no known workarounds for this issue.
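The flaw class described above, modelled in-process as an added example (not JumpServer's code and not part of the original page): a code generator whose seed reaches the client, next to one backed by the OS CSPRNG, with a regression check that flags the former. The issuer classes, the `public_token` field and the 8-character code length are hypothetical.

```python
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits
CODE_LEN = 8  # assumed length, chosen for the demo


def _draw(rng, n=CODE_LEN):
    """Draw an n-character code from the given random source."""
    return "".join(rng.choice(ALPHABET) for _ in range(n))


class WeakIssuer:
    """Flawed pattern (hypothetical): the PRNG seed is also returned to the client."""

    def begin(self):
        seed = secrets.token_hex(8)
        random.seed(seed)              # process-wide PRNG reseeded ...
        return {"public_token": seed}  # ... with a value the client sees

    def reset_code(self):
        return _draw(random)           # fully determined by that seed


class HardenedIssuer:
    """Fixed pattern: the token is an opaque id, the code comes from the CSPRNG."""

    def begin(self):
        return {"public_token": secrets.token_hex(8)}

    def reset_code(self):
        return _draw(secrets.SystemRandom())


def predictable_from_response(issuer_cls):
    """Regression check: can the issued code be rebuilt from exposed data alone?"""
    issuer = issuer_cls()
    exposed = issuer.begin()["public_token"]
    issued = issuer.reset_code()
    replayed = _draw(random.Random(exposed))  # uses only client-visible data
    return replayed == issued


if __name__ == "__main__":
    for cls in (WeakIssuer, HardenedIssuer):
        print(cls.__name__, "predictable:", predictable_from_response(cls))
```

A check of this shape fits in a test suite for any service that issues one-time codes: it fails as soon as a value returned to clients is enough to reproduce a secret.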
Vulnerable Product |
---|
fit2cloud jumpserver |