CVE-2023-42820
- EPSS 62.79%
- Veröffentlicht 27.09.2023 15:19:33
- Zuletzt bearbeitet 21.11.2024 08:23:17
JumpServer is an open source bastion host. This vulnerability is due to exposing the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, which could lead to password resets. If MFA is enabled ...
CVE-2023-42819
- EPSS 40.8%
- Veröffentlicht 27.09.2023 15:19:33
- Zuletzt bearbeitet 21.11.2024 08:23:16
JumpServer is an open source bastion host. Logged-in users can access and modify the contents of any file on the system. A user can use the 'Job-Template' menu and create a playbook named 'test'. Get the playbook id from the detail page, like 'e0adab...
CVE-2023-42442
- EPSS 87.89%
- Veröffentlicht 15.09.2023 21:15:11
- Zuletzt bearbeitet 21.11.2024 08:22:32
JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored...
CVE-2023-28110
- EPSS 1.45%
- Veröffentlicht 16.03.2023 17:15:09
- Zuletzt bearbeitet 21.11.2024 07:54:25
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernete...