Unrated severityNVD Advisory· Published Sep 26, 2023· Updated Sep 23, 2024

Path traversal in Jumpserver

CVE-2023-42819

Description

JumpServer is an open source bastion host. Logged-in users can access and modify the contents of any file on the system. A user can use the 'Job-Template' menu and create a playbook named 'test'. Get the playbook id from the detail page, like 'e0adabef-c38f-492d-bd92-832bacc3df5f'. An attacker can exploit the directory traversal flaw using the provided URL to access and retrieve the contents of the file. https://jumpserver-ip/api/v1/ops/playbook/e0adabef-c38f-492d-bd92-832bacc3df5f/file/?key=../../../../../../../etc/passwd a similar method to modify the file content is also present. This issue has been addressed in version 3.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected products

Jumpserver/Jumpserverv5
Range: >= 3.0.0, < 3.6.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/jumpserver/jumpserver/commit/d0321a74f1713d031560341c8fd0a1859e6510d8mitrex_refsource_MISC
github.com/jumpserver/jumpserver/security/advisories/GHSA-ghg2-2whp-6m33mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.031
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000