
Fit2Cloud Jumpserver vulnerabilities

24 known vulnerabilities affecting fit2cloud/jumpserver.

Total CVEs: 24
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 9, HIGH 5, MEDIUM 10

Vulnerabilities

Page 1 of 2
CVE-2023-42442 | P2 | MEDIUM | CVSS 5.3 | PoC | Versions: ≥ 3.0.0, < 3.5.5; ≥ 3.6.0, < 3.6.4 | 2023-09-15
[MEDIUM] CWE-287: JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can be downloaded without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The api `/api/v1/terminal/sessions/` permission
Source: nvd
CVE-2023-43651 | P2 | CRITICAL | CVSS 9.9 | Versions: ≥ 2.0.0, < 2.28.20; ≥ 3.0.0, < 3.7.1 | 2023-09-27
[CRITICAL] CWE-94: JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the system. Through the WEB CLI interface provided by the koko component, a user logs into the author
Source: nvd
CVE-2024-40629 | P2 | CRITICAL | CVSS 9.8 | Versions: ≥ 3.0.0, < 3.10.12 | 2024-07-18
[CRITICAL] CWE-22: JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the Ansible playbook to write arbitrary files, leading to remote code execution (RCE) in the Celery container
Source: nvd
CVE-2024-29201 | P2 | CRITICAL | CVSS 9.9 | Versions: ≥ 3.0.0, < 3.10.7 | 2024-03-29
[CRITICAL] CWE-94: JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input validation mechanism in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has database access, attackers could steal sensitive information
Source: nvd
CVE-2024-29202 | P2 | CRITICAL | CVSS 9.9 | Versions: ≥ 3.0.0, < 3.10.7 | 2024-03-29
[CRITICAL] CWE-94: JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has database access, attackers could steal sensitive
Source: nvd
CVE-2023-42818 | P2 | CRITICAL | CVSS 9.8 | Versions: fixed in 3.5.6; ≥ 3.6.0, < 3.6.5 | 2023-09-27
[CRITICAL] CWE-287: JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication against the SSH service. This issue has been patched in v
Source: nvd
CVE-2024-40628 | P2 | CRITICAL | CVSS 9.1 | Versions: ≥ 3.0.0, < 3.10.12 | 2024-07-18
[CRITICAL] CWE-22: JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the ansible playbook to read arbitrary files in the celery container, leading to sensitive information disclo
Source: nvd
CVE-2023-43652 | P2 | CRITICAL | CVSS 9.1 | Versions: ≥ 2.0.0, < 2.28.20; ≥ 3.0.0, < 3.7.1 | 2023-09-27
[CRITICAL] CWE-862: JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the corresponding SSH private key. An SSH public key should be considered public knowledge and should not be used as an authentication secret alone. JumpServer provid
Source: nvd
CVE-2023-48193 | P2 | CRITICAL | CVSS 9.8 | Versions: v3.8.0 | 2023-11-28
[CRITICAL]: Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. NOTE: this is disputed because command filtering is not intended to restrict what code can be run by authorized users who are allowed to execute files.
Source: nvd
CVE-2025-58044 | P3 | MEDIUM | CVSS 6.1 | PoC | Versions: fixed in 3.10.19; ≥ 4.0.0, < 4.10.5 | 2025-12-01
[MEDIUM] CWE-601: JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, the /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. This vulnerability is fixed in v3.10.19 and v4.10.5.
Source: nvd
CVE-2023-28110 | P3 | CRITICAL | CVSS 9.9 | Versions: fixed in 2.28.8 | 2023-03-16
[CRITICAL] CWE-77: Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the execution of dangerous commands that may disrupt the Koko co
Source: nvd
CVE-2024-24763 | P3 | MEDIUM | CVSS 6.1 | PoC | Versions: fixed in 3.10.0 | 2024-02-20
[MEDIUM] CWE-601: JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to version 3.10.0, attackers can exploit this vulnerability to construct malicious links, leading users to click on them, thereby facilitating phishing attacks or cross-site scripting attacks. Version 3.10.0 contains a patch for this issue. No kno
Source: nvd
CVE-2025-62712 | P3 | HIGH | CVSS 8.1 | Versions: fixed in 3.10.20; ≥ 4.0.0, < 4.10.11 | 2025-10-30
[HIGH] CWE-862: JumpServer is an open source bastion host and an operation and maintenance security audit system. In JumpServer versions prior to v3.10.20-lts and v4.10.11-lts, an authenticated, non-privileged user can retrieve connection tokens belonging to other users via the super-connection API endpoint (/api/v1/authentication/super-connection-token/). When acces
Source: nvd
CVE-2023-42819 | P3 | HIGH | CVSS 8.8 | Versions: ≥ 3.0.0, < 3.6.5 | 2023-09-27
[HIGH] CWE-22: JumpServer is an open source bastion host. Logged-in users can access and modify the contents of any file on the system. A user can use the 'Job-Template' menu and create a playbook named 'test'. Get the playbook id from the detail page, like 'e0adabef-c38f-492d-bd92-832bacc3df5f'. An attacker can exploit the directory traversal flaw using the provided
Source: nvd
CVE-2023-42820 | P3 | HIGH | CVSS 8.2 | Versions: ≥ 2.24.0, < 2.28.19; ≥ 3.0.0, < 3.6.5 | 2023-09-27
[HIGH] CWE-200: JumpServer is an open source bastion host. This vulnerability is due to exposing the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, which could lead to password resets. If MFA is enabled, users are not affected. Users not using local authentication are also not affected. Users are advised to
Source: nvd
CVE-2023-43650 | P3 | HIGH | CVSS 7.4 | Versions: ≥ 2.0.0, < 2.28.20; ≥ 3.0.0, < 3.7.1 | 2023-09-27
[HIGH] CWE-640: JumpServer is an open source bastion host. The verification code for resetting a user's password is vulnerable to brute-force attacks due to the absence of rate limiting. JumpServer provides a feature allowing users to reset forgotten passwords. Affected users are sent a 6-digit verification code, ranging from 000000 to 999999, to facilitate the passwor
Source: nvd
CVE-2025-62795 | P3 | HIGH | CVSS 7.1 | Versions: fixed in 3.10.21; ≥ 4.0.0, < 4.10.12 | 2025-10-30
[HIGH] CWE-863: JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.21-lts and v4.10.12-lts, a low-privileged authenticated user can invoke LDAP configuration tests and start LDAP synchronization by sending crafted messages to the /ws/ldap/ WebSocket endpoint, bypassing authorization checks and potentially
Source: nvd
CVE-2026-31864 | P3 | MEDIUM | CVSS 6.8 | Versions: fixed in 3.10.22; ≥ 4.0.0, < 4.10.16 | 2026-03-13
[MEDIUM] CWE-1336: JumpServer is an open source bastion host and an operation and maintenance security audit system. A Server-Side Template Injection (SSTI) vulnerability exists in JumpServer's Applet and VirtualApp upload functionality. This vulnerability can only be exploited by users with administrative privileges (Application Applet Management or Virtual Applicati
Source: nvd
CVE-2023-46123 | P4 | MEDIUM | CVSS 5.3 | Versions: fixed in 3.8.0 | 2023-10-25
[MEDIUM] CWE-307: jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability, attackers can effectively make unlimited password atte
Source: nvd
CVE-2024-29024 | P4 | MEDIUM | CVSS 5.3 | Versions: ≥ 3.0.0, < 3.10.6 | 2024-03-29
[MEDIUM] CWE-639: JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files, potentially compromising the integrity and security of the system. This vu
Source: nvd