CVSSv3: 9.9

CVE-2023-43651

Published: 27/09/2023 Updated: 02/10/2023
CVSS v3 Base Score: 9.9 | Impact Score: 6 | Exploitability Score: 3.1
VMScore: 0

Vulnerability Summary

JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the system. Through the web CLI interface provided by the koko component, a user logs into an authorized MongoDB database and exploits the MongoDB session to execute arbitrary commands. This vulnerability has been addressed in versions 2.28.20 and 3.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Vulnerable Product

fit2cloud jumpserver

Github Repositories

JumpServer - MySQL RCE: JumpServer is the world's first open-source Bastion Host and is licensed under the GPLv3. It is a 4A-compliant professional operation and maintenance security audit system. JumpServer uses Python / Django for development, follows Web 2.0 specifications, and is equipped with an industry-leading Web Terminal solution that provides a beautiful user inte