Jumpserver

by Jumpserver

CVEs (26)

  • CVE-2023-43652 (Sep 27, 2023)
    risk 0.00 | cvss | epss 0.01

    JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the corresponding SSH private key. An SSH public key should be considered public knowledge…

  • CVE-2023-42819 (Sep 26, 2023)
    risk 0.00 | cvss | epss 0.02

    JumpServer is an open source bastion host. Logged-in users can access and modify the contents of any file on the system. A user can use the 'Job-Template' menu and create a playbook named 'test'. Get the playbook id from the detail page, like…

  • CVE-2023-42820 (Sep 26, 2023)
    risk 0.00 | cvss | epss 0.05

    JumpServer is an open source bastion host. This vulnerability is due to exposing the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, which could lead to password resets. If MFA is enabled, users are not affected. Users…

  • CVE-2022-42225 (May 24, 2023)
    risk 0.00 | cvss | epss 0.01

    Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any JavaScript under the admin's permissions.

  • CVE-2023-28110 (Mar 16, 2023)
    risk 0.00 | cvss | epss 0.01

    Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can…

  • CVE-2021-3169 (Jul 23, 2021)
    risk 0.00 | cvss | epss 0.03

    An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.

Page 2 of 2