Fit2cloud

Jumpserver

24 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2026-31864

  • EPSS 0.05%
  • Veröffentlicht 13.03.2026 19:22:05
  • Zuletzt bearbeitet 18.03.2026 13:09:28

JumpServer is an open source bastion host and an operation and maintenance security audit system. a Server-Side Template Injection (SSTI) vulnerability exists in JumpServer's Applet and VirtualApp upload functionality. This vulnerability can only be ...

5

CVE-2026-31798

  • EPSS 0.02%
  • Veröffentlicht 13.03.2026 19:15:26
  • Zuletzt bearbeitet 18.03.2026 13:07:58

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts, JumpServer improperly validates certificates in the Custom SMS API Client. When JumpServer sends MFA/OTP codes via Custom SMS API...

6.1

CVE-2025-58044

  • EPSS 1.48%
  • Veröffentlicht 01.12.2025 20:17:44
  • Zuletzt bearbeitet 05.12.2025 19:48:05

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, The /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead t...

7.1

CVE-2025-62795

Exploit
  • EPSS 0.04%
  • Veröffentlicht 30.10.2025 16:56:09
  • Zuletzt bearbeitet 12.11.2025 15:26:50

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.21-lts and v4.10.12-lts, a low-privileged authenticated user can invoke LDAP configuration tests and start LDAP synchronization by sendin...

8.1

CVE-2025-62712

  • EPSS 0.08%
  • Veröffentlicht 30.10.2025 16:15:36
  • Zuletzt bearbeitet 12.11.2025 15:26:13

JumpServer is an open source bastion host and an operation and maintenance security audit system. In JumpServer versions prior to v3.10.20-lts and v4.10.11-lts, an authenticated, non-privileged user can retrieve connection tokens belonging to other u...

4.3

CVE-2025-27095

Exploit
  • EPSS 0.23%
  • Veröffentlicht 31.03.2025 16:15:23
  • Zuletzt bearbeitet 12.11.2025 15:50:12

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to 4.8.0 and 3.10.18, an attacker with a low-privileged account can access the Kubernetes session feature and manipulate the kubeconfig file to re...

9.8

CVE-2024-40629

  • EPSS 9.36%
  • Veröffentlicht 18.07.2024 17:15:04
  • Zuletzt bearbeitet 25.03.2025 20:15:22

JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the Ansib...

9.1

CVE-2024-40628

  • EPSS 0.87%
  • Veröffentlicht 18.07.2024 17:15:04
  • Zuletzt bearbeitet 25.03.2025 20:15:22

JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the ansib...

9.9

CVE-2024-29202

Exploit
  • EPSS 81.15%
  • Veröffentlicht 29.03.2024 15:15:12
  • Zuletzt bearbeitet 25.03.2025 20:15:21

JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the...

5.3

CVE-2024-29020

  • EPSS 0.15%
  • Veröffentlicht 29.03.2024 15:15:11
  • Zuletzt bearbeitet 09.01.2025 17:20:18

JumpServer is an open source bastion host and an operation and maintenance security audit system. An authorized attacker can obtain sensitive information contained within playbook files if they manage to learn the playbook_id of another user. This br...