Login Sign Up

CVE-2023-48193

9.8 CRITICAL
Remote Code Execution Authentication Bypass

📋 TL;DR

This vulnerability in JumpServer allows remote attackers to bypass command filtering restrictions and execute arbitrary code on affected systems. It affects JumpServer GPLv3 v3.8.0 installations where authorized users can execute files. The vulnerability is disputed because command filtering wasn't intended to restrict authorized users.

💻 Affected Systems

Products:
  • JumpServer
Versions: v3.8.0
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects GPLv3 version. Requires authorized user access to exploit. Disputed vulnerability - command filtering wasn't designed to restrict authorized users.

📦 What is this software?

Jumpserver by Fit2cloud

View all CVEs affecting Jumpserver →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, access sensitive data, pivot to other systems, and maintain persistent access.

🟠

Likely Case

Privilege escalation and unauthorized command execution by authenticated users who bypass intended restrictions.

🟢

If Mitigated

Limited impact if proper network segmentation, least privilege access, and command execution monitoring are implemented.

🌐 Internet-Facing: HIGH - JumpServer is often exposed to manage remote access, making internet-facing instances prime targets.
🏢 Internal Only: HIGH - Even internally, compromised JumpServer provides privileged access to managed systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires authenticated access. GitHub references show technical details and bypass methods.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v3.8.1 or later

Vendor Advisory: https://github.com/jumpserver/jumpserver/issues/13394

Restart Required: Yes

Instructions:

1. Backup configuration and data. 2. Stop JumpServer services. 3. Update to v3.8.1 or later using package manager or manual installation. 4. Restart services. 5. Verify functionality.

🔧 Temporary Workarounds

Restrict Command Execution

linux

Implement strict command filtering policies and limit user permissions to essential commands only.

Network Segmentation

all

Isolate JumpServer instance from critical systems and implement strict firewall rules.

🧯 If You Can't Patch

  • Implement strict access controls and monitor all command execution activities
  • Deploy network segmentation and limit JumpServer's access to only necessary systems

🔍 How to Verify

Check if Vulnerable:

Check JumpServer version: if running v3.8.0, system is vulnerable. Review user command execution logs for unexpected activity.

Check Version:

jumpserver --version or check /opt/jumpserver/version.txt

Verify Fix Applied:

Verify version is v3.8.1 or later. Test command filtering functionality with authorized users.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized command execution attempts
  • Bypass of command filtering mechanisms
  • Unexpected system commands from JumpServer users

Network Indicators:

  • Unusual outbound connections from JumpServer
  • Command and control traffic patterns

SIEM Query:

source="jumpserver" AND (event="command_execution" OR event="filter_bypass")

📊 Metadata

CVE ID: CVE-2023-48193
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: November 28, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON