CVE-2025-58044
- EPSS 0.04%
- Published 01.12.2025 20:17:44
- Last modified 05.12.2025 19:48:05
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, the /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead t...
CVE-2025-62795
- EPSS 0.05%
- Published 30.10.2025 16:56:09
- Last modified 12.11.2025 15:26:50
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.21-lts and v4.10.12-lts, a low-privileged authenticated user can invoke LDAP configuration tests and start LDAP synchronization by sendin...
CVE-2025-62712
- EPSS 0.1%
- Published 30.10.2025 16:15:36
- Last modified 12.11.2025 15:26:13
JumpServer is an open source bastion host and an operation and maintenance security audit system. In JumpServer versions prior to v3.10.20-lts and v4.10.11-lts, an authenticated, non-privileged user can retrieve connection tokens belonging to other u...
CVE-2025-27095
- EPSS 0.23%
- Published 31.03.2025 16:15:23
- Last modified 12.11.2025 15:50:12
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to 4.8.0 and 3.10.18, an attacker with a low-privileged account can access the Kubernetes session feature and manipulate the kubeconfig file to re...
- EPSS 1.08%
- Published 23.07.2021 21:15:07
- Last modified 21.11.2024 06:21:03
An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.