CVE-2023-43651P2MEDIUM≥ 2.0.0, < 2.28.20·≥ 3.0.0, < 3.7.12023-10-24
CVE-2023-43651 [MEDIUM] CWE-94 Jumpserver Koko vulnerable to remote code execution on the host system via MongoDB shell
Jumpserver Koko vulnerable to remote code execution on the host system via MongoDB shell
### Impact
An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the host system.
### Details
Through the WEB CLI interface provided by
ghsaosv