Unrated severityNVD Advisory· Published Sep 26, 2023· Updated Sep 23, 2024
Random seed leakage in Jumpserver
CVE-2023-42820
Description
JumpServer is an open source bastion host. This vulnerability is due to exposing the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, which could lead to password resets. If MFA is enabled users are not affect. Users not using local authentication are also not affected. Users are advised to upgrade to either version 2.28.19 or to 3.6.5. There are no known workarounds or this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<2.28.19 || >=3.0.0 <3.6.5+ 1 more
- (no CPE)range: <2.28.19 || >=3.0.0 <3.6.5
- (no CPE)range: >= 2.24, < 2.28.19
Patches
Vulnerability mechanics
References
2- github.com/jumpserver/jumpserver/commit/42337f0d00b2a8d45ef063eb5b7deeef81597da5mitrex_refsource_MISC
- github.com/jumpserver/jumpserver/security/advisories/GHSA-7prv-g565-82qpmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.