📦 JumpServer

by Fit2cloud

🔍 What is JumpServer?

JumpServer is an open-source bastion host (privileged access management) platform from Fit2Cloud. It sits between administrators and the systems they manage, brokering SSH, RDP, database and Kubernetes sessions through a web console so that target credentials stay on the bastion and every session can be recorded and audited.

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2025-62712

CRITICAL CVSS 9.6 Oct 30, 2025

An authenticated non-privileged user in JumpServer can retrieve connection tokens belonging to all users via the super-connection API endpoint, allowing them to impersonate other users and gain unauth...

CVE-2024-40628

CRITICAL CVSS 10.0 Jul 18, 2024

This critical vulnerability in JumpServer allows attackers to read arbitrary files from the Celery container, which runs with root privileges and database access. Exploitation can lead to complete com...

CVE-2024-29202

CRITICAL CVSS 9.9 Mar 29, 2024

This CVE describes a Jinja2 template injection vulnerability in JumpServer's Ansible component that allows authenticated attackers to execute arbitrary code with root privileges in the Celery containe...

CVE-2023-48193

CRITICAL CVSS 9.8 Nov 28, 2023

This vulnerability in JumpServer allows remote attackers to bypass command filtering restrictions and execute arbitrary code on affected systems. It affects JumpServer GPLv3 v3.8.0 installations where...

CVE-2025-62795

HIGH CVSS 7.1 Oct 30, 2025

This vulnerability allows low-privileged authenticated users in JumpServer to bypass authorization checks and invoke LDAP configuration tests or synchronization via WebSocket messages. This could expo...
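Both authorization issues above, CVE-2025-62712 (any authenticated user could list every user's connection tokens) and CVE-2025-62795 (a low-privileged user could trigger LDAP tests or synchronization over WebSocket), come down to the same gap: the code checks that the caller is logged in but not that the caller may see this object or run this action. The Python below is an added illustration of the vulnerable pattern beside the fixed one; it is not JumpServer's code, and the role name "system_admin", the token fields and the WebSocket action names are assumptions.

```python
"""Object-level and action-level authorization, modelled on the two issues
above. Illustrative stand-in code, not JumpServer's: the role name
"system_admin", the token fields and the WebSocket action names are assumptions."""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class User:
    name: str
    roles: FrozenSet[str]

    def has_role(self, role: str) -> bool:
        return role in self.roles


@dataclass(frozen=True)
class ConnectionToken:
    token_id: str
    owner: str
    secret: str  # the value that lets its holder open a session as `owner`


class PermissionDenied(Exception):
    pass


# Constructed sample data: two ordinary users and one administrator.
ALICE = User("alice", frozenset({"user"}))
BOB = User("bob", frozenset({"user"}))
ADMIN = User("root", frozenset({"user", "system_admin"}))
TOKENS: List[ConnectionToken] = [
    ConnectionToken("t1", "alice", "secret-a"),
    ConnectionToken("t2", "bob", "secret-b"),
    ConnectionToken("t3", "root", "secret-r"),
]


def list_tokens_vulnerable(caller: Optional[User]) -> List[ConnectionToken]:
    """CVE-2025-62712 pattern: authentication is checked, ownership is not,
    so every caller receives every user's tokens."""
    if caller is None:
        raise PermissionDenied("login required")
    return list(TOKENS)


def list_tokens_fixed(caller: Optional[User]) -> List[ConnectionToken]:
    """Scope the result to the caller unless they hold the admin role."""
    if caller is None:
        raise PermissionDenied("login required")
    if caller.has_role("system_admin"):
        return list(TOKENS)
    return [t for t in TOKENS if t.owner == caller.name]


# Assumed names for the privileged WebSocket actions.
ADMIN_ACTIONS = frozenset({"ldap_test_connection", "ldap_test_login", "ldap_sync"})


def handle_ws_vulnerable(caller: User, msg: Dict[str, str]) -> str:
    """CVE-2025-62795 pattern: the consumer trusts any authenticated socket."""
    return f"{msg['action']} run by {caller.name}"


def handle_ws_fixed(caller: User, msg: Dict[str, str]) -> str:
    """Re-check the caller's role for every privileged message, not only on connect."""
    action = msg.get("action", "")
    if action in ADMIN_ACTIONS and not caller.has_role("system_admin"):
        raise PermissionDenied(f"{caller.name} may not run {action}")
    return f"{action} run by {caller.name}"


def is_denied(fn: Callable[..., object], *args: object) -> bool:
    """True when fn(*args) raises PermissionDenied; used to exercise the checks."""
    try:
        fn(*args)
    except PermissionDenied:
        return True
    return False
```

The point of the fixed WebSocket handler is that the check runs per message: a socket opened by an ordinary user stays open for as long as the session lasts, so a role check done once at connect time does not protect later messages.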

CVE-2023-43651

HIGH CVSS 8.5 Sep 27, 2023

This vulnerability allows authenticated users of JumpServer to exploit MongoDB sessions through the WEB CLI interface to execute arbitrary commands, leading to remote code execution. Attackers can pot...

CVE-2023-43650

HIGH CVSS 8.2 Sep 27, 2023

JumpServer's password reset verification code lacks rate limiting, allowing attackers to brute-force the 6-digit code within its 1-minute validity window. This vulnerability enables unauthorized passw...

CVE-2023-42820

HIGH CVSS 7.0 Sep 27, 2023

This vulnerability in JumpServer exposes the random number seed via API, allowing attackers to predict or replay verification codes used for password resets. This could enable unauthorized password re...
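CVE-2023-43650 and CVE-2023-42820 above are two ways the same password-reset code fails: without an attempt cap, a six-digit code can be enumerated inside its validity window, and when the generator's seed is exposed the code does not need to be guessed at all. The Python below is an added model of both weaknesses next to the hardened form (CSPRNG, attempt cap, code burned on cap or success, constant-time comparison). It is not JumpServer's code; the code length, TTL and attempt cap are assumptions taken from the descriptions above, not from JumpServer's source.

```python
"""Password-reset verification codes: the two failure modes above beside the
hardened form. Model code, not JumpServer's; code length, TTL and attempt cap
are assumptions taken from the descriptions, not from JumpServer's source."""
import hmac
import random
import secrets
import time
from typing import Callable, Dict, List, Optional

CODE_LEN = 6
CODE_TTL_SECONDS = 60
MAX_ATTEMPTS = 5


def weak_code(seed: int) -> str:
    """CVE-2023-42820 pattern: a PRNG seeded with a value the API reveals.
    Anyone who learns `seed` reproduces the code without guessing."""
    rng = random.Random(seed)
    return f"{rng.randrange(10 ** CODE_LEN):0{CODE_LEN}d}"


def strong_code() -> str:
    """Hardened: CSPRNG output; there is no seed to leak or replay."""
    return f"{secrets.randbelow(10 ** CODE_LEN):0{CODE_LEN}d}"


class ResetCodeStore:
    """Issues one code per account and verifies guesses against it."""

    def __init__(self, now: Callable[[], float] = time.time) -> None:
        self._now = now
        self._entries: Dict[str, List] = {}  # user -> [code, issued_at, attempts]

    def issue(self, username: str, code: Optional[str] = None) -> str:
        code = code if code is not None else strong_code()
        self._entries[username] = [code, self._now(), 0]
        return code

    def verify_unlimited(self, username: str, candidate: str) -> bool:
        """CVE-2023-43650 pattern: only the TTL bounds the attacker, so all
        10**6 six-digit codes can be tried inside the one-minute window."""
        entry = self._entries.get(username)
        if entry is None:
            return False
        code, issued, _ = entry
        if self._now() - issued > CODE_TTL_SECONDS:
            return False
        return candidate == code

    def verify_limited(self, username: str, candidate: str) -> bool:
        """Hardened: attempt cap, code burned on cap or success, constant-time compare."""
        entry = self._entries.get(username)
        if entry is None:
            return False
        code, issued, attempts = entry
        if self._now() - issued > CODE_TTL_SECONDS or attempts >= MAX_ATTEMPTS:
            self._entries.pop(username, None)
            return False
        entry[2] += 1
        if hmac.compare_digest(candidate.encode(), code.encode()):
            self._entries.pop(username, None)
            return True
        return False


def brute_force(verify: Callable[[str, str], bool], username: str) -> Optional[str]:
    """Attacker loop: every six-digit code in order; returns the hit or None."""
    for n in range(10 ** CODE_LEN):
        guess = f"{n:0{CODE_LEN}d}"
        if verify(username, guess):
            return guess
    return None


if __name__ == "__main__":
    store = ResetCodeStore()
    store.issue("alice", "004242")  # fixed code so the demo finishes quickly
    print("unlimited:", brute_force(store.verify_unlimited, "alice"))  # 004242
    store.issue("alice", "004242")
    print("limited:  ", brute_force(store.verify_limited, "alice"))    # None
```

With the cap in place an attacker gets at most five guesses per issued code, a 5 in 1,000,000 chance per reset request, and re-requesting a code replaces the old one rather than extending the window. The attempt counter should live server-side, keyed by account, so that a client cannot reset it by reconnecting.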

CVE-2025-58044

MEDIUM CVSS 6.1 Dec 1, 2025

This CVE describes an open redirect vulnerability in JumpServer's internationalization endpoint. Attackers can craft malicious URLs that redirect users to arbitrary external sites by exploiting improp...
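An open redirect like CVE-2025-58044 arises when a redirect target taken from the request is used as-is. The fix is to accept only a same-site relative path or an absolute URL whose host is on an allowlist, after normalizing the tricks browsers tolerate (backslashes, scheme-relative `//host`, credentials before `@`, non-HTTP schemes). The Python below is an added example of such a validator; it is not JumpServer's code, and the allowed host name is an assumption.

```python
"""Validating a user-supplied redirect target, as in the open redirect above.
Illustrative code, not JumpServer's; the allowed host name is an assumption."""
from typing import FrozenSet
from urllib.parse import urlsplit

SAFE_SCHEMES = frozenset({"http", "https"})


def is_safe_redirect(target: str, allowed_hosts: FrozenSet[str]) -> bool:
    """Accept only same-site relative paths or absolute URLs on an allowed host."""
    if not target:
        return False
    # Browsers treat backslashes as forward slashes, so normalise first;
    # otherwise "/\evil.example" parses here as a relative path but leaves the site.
    target = target.replace("\\", "/")
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if parts.scheme and parts.scheme not in SAFE_SCHEMES:
        return False  # javascript:, data:, custom handlers
    if parts.scheme and not parts.netloc:
        return False  # "https:/evil.example": browsers read it as https://evil.example
    if not parts.netloc:
        # Relative target: exactly one leading slash. "//host/path" is
        # scheme-relative and would leave the site.
        return target.startswith("/") and not target.startswith("//")
    # hostname strips any "user:pass@" prefix, so "https://good@evil" resolves to "evil".
    return parts.hostname in allowed_hosts


def resolve_redirect(target: str, allowed_hosts: FrozenSet[str], fallback: str = "/") -> str:
    """Return the target if safe, otherwise a site-local fallback."""
    return target if is_safe_redirect(target, allowed_hosts) else fallback


# Constructed example allowlist; the host name is an assumption.
ALLOWED = frozenset({"jump.example.com"})
```

Falling back to a fixed local path on rejection, rather than echoing an error containing the attacker's URL, keeps the handler from becoming a reflection point of its own.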

CVE-2025-27095

MEDIUM CVSS 4.3 Mar 31, 2025

This vulnerability allows attackers with low-privileged JumpServer accounts to manipulate Kubernetes session configurations to redirect API requests to external servers they control. This enables inte...