1 results (0.001 seconds)

CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 1

Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the execution of dangerous commands that may disrupt the Koko container environment and affect normal usage. The vulnerability has been fixed in v2.28.8. • https://github.com/jumpserver/jumpserver/releases/tag/v2.28.8 https://github.com/jumpserver/jumpserver/security/advisories/GHSA-6x5p-jm59-jh29 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •