Fit2cloud

Jumpserver

22 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty, in its original format.
  • EPSS 0.03%
  • Published 01.12.2025 20:17:44
  • Last modified 05.12.2025 19:48:05

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, the /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead t...

Exploit
  • EPSS 0.04%
  • Published 30.10.2025 16:56:09
  • Last modified 12.11.2025 15:26:50

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.21-lts and v4.10.12-lts, a low-privileged authenticated user can invoke LDAP configuration tests and start LDAP synchronization by sendin...

  • EPSS 0.07%
  • Published 30.10.2025 16:15:36
  • Last modified 12.11.2025 15:26:13

JumpServer is an open source bastion host and an operation and maintenance security audit system. In JumpServer versions prior to v3.10.20-lts and v4.10.11-lts, an authenticated, non-privileged user can retrieve connection tokens belonging to other u...

Exploit
  • EPSS 0.05%
  • Published 31.03.2025 16:15:23
  • Last modified 12.11.2025 15:50:12

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to 4.8.0 and 3.10.18, an attacker with a low-privileged account can access the Kubernetes session feature and manipulate the kubeconfig file to re...

  • EPSS 9.36%
  • Published 18.07.2024 17:15:04
  • Last modified 25.03.2025 20:15:22

JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the Ansib...

  • EPSS 0.75%
  • Published 18.07.2024 17:15:04
  • Last modified 25.03.2025 20:15:22

JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the ansib...

Exploit
  • EPSS 81.15%
  • Published 29.03.2024 15:15:12
  • Last modified 25.03.2025 20:15:21

JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the...

Exploit
  • EPSS 68.52%
  • Published 29.03.2024 15:15:11
  • Last modified 25.03.2025 20:15:21

JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input validation mechanism in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery cont...

  • EPSS 0.09%
  • Published 29.03.2024 15:15:11
  • Last modified 09.01.2025 17:32:54

JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability in the file manager's bulk transfer by manipulating job IDs ...

  • EPSS 0.15%
  • Published 29.03.2024 15:15:11
  • Last modified 09.01.2025 17:20:18

JumpServer is an open source bastion host and an operation and maintenance security audit system. An authorized attacker can obtain sensitive information contained within playbook files if they manage to learn the playbook_id of another user. This br...