
Fit2Cloud Jumpserver vulnerabilities

24 known vulnerabilities affecting fit2cloud/jumpserver.

Total CVEs: 24
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 9, HIGH 5, MEDIUM 10

Vulnerabilities

CVE-2026-31798 | P4 MEDIUM | CVSS 5.0 | fixed in 4.10.16 | 2026-03-13
CWE-295: JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts, JumpServer improperly validates certificates in the Custom SMS API Client. When JumpServer sends MFA/OTP codes via Custom SMS API, an attacker can intercept the request and capture the verification code BEFORE it reaches the user'
Source: NVD
CVE-2023-46138 | P4 MEDIUM | CVSS 5.3 | fixed in 3.8.0 | 2023-10-31
CWE-640: JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is `admin[@]mycompany[.]com`, and users reset their passwords by sending an email. Currently, the domain `mycompany.com` has not been registered. However, if it is regi
Source: NVD
CVE-2024-29020 | P4 MEDIUM | CVSS 5.3 | ≥ 3.0.0, < 3.10.6 | 2024-03-29
CWE-639: JumpServer is an open source bastion host and an operation and maintenance security audit system. An authorized attacker can obtain sensitive information contained within playbook files if they manage to learn the playbook_id of another user. This breach of confidentiality can lead to information disclosure and exposing sensitive data. This vulnerab
Source: NVD
CVE-2025-27095 | P4 MEDIUM | CVSS 4.3 | fixed in 3.10.18 | ≥ 4.0.0, < 4.8.0 | 2025-03-31
CWE-266: JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to 4.8.0 and 3.10.18, an attacker with a low-privileged account can access the Kubernetes session feature and manipulate the kubeconfig file to redirect API requests to an external server controlled by the attacker. This allows the attacker to int
Source: NVD