CVE-2023-42442 – JumpServer session replays download without authentication
https://notcve.org/view.php?id=CVE-2023-42442
JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The api `/api/v1/terminal/sessions/` permission control is broken and can be accessed anonymously. SessionViewSet permission classes set to `[RBACPermission | IsSessionAssignee]`, relation is or, so any permission matched will be allowed. • https://github.com/HolyGu/CVE-2023-42442 https://github.com/C1ph3rX13/CVE-2023-42442 https://github.com/tarihub/blackjump https://github.com/jumpserver/jumpserver/blob/v3.6.1/apps/terminal/api/session/session.py#L91 https://github.com/jumpserver/jumpserver/commit/0a58bba59cd275bab8e0ae58bf4b359fbc5eb74a https://github.com/jumpserver/jumpserver/security/advisories/GHSA-633x-3f4f-v9rw • CWE-287: Improper Authentication •
CVE-2023-28110 – JumpServer Koko vulnerable to Command Injection for Kubernetes Connection
https://notcve.org/view.php?id=CVE-2023-28110
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the execution of dangerous commands that may disrupt the Koko container environment and affect normal usage. The vulnerability has been fixed in v2.28.8. • https://github.com/jumpserver/jumpserver/releases/tag/v2.28.8 https://github.com/jumpserver/jumpserver/security/advisories/GHSA-6x5p-jm59-jh29 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2021-3169
https://notcve.org/view.php?id=CVE-2021-3169
An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets. Un problema en Jumpserver versiones 2.6.2 e inferiores, permite a atacantes crear un token de conexión mediante una API que no presenta control de acceso y usarlo para acceder a activos confidenciales • https://blog.fit2cloud.com/?p=1764 https://mp.weixin.qq.com/s/5tgcaIrnDnGP-LvWPw9YCg https://s.tencent.com/research/bsafe/1228.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •