CVE-2023-42442
JumpServer session replays download without authentication
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
4Exploited in Wild
-Decision
Descriptions
JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The api `/api/v1/terminal/sessions/` permission control is broken and can be accessed anonymously. SessionViewSet permission classes set to `[RBACPermission | IsSessionAssignee]`, relation is or, so any permission matched will be allowed. Versions 3.5.5 and 3.6.4 have a fix. After upgrading, visit the api `$HOST/api/v1/terminal/sessions/?limit=1`. The expected http response code is 401 (`not_authenticated`).
JumpServer es un host bastión de código abierto y un sistema profesional de auditoría de seguridad de operación y mantenimiento. A partir de la versión 3.0.0 y anteriores a las versiones 3.5.5 y 3.6.4, las repeticiones de sesiones se pueden descargar sin autenticación. Las repeticiones de sesiones almacenadas en S3, OSS u otro almacenamiento en la nube no se ven afectadas. El control de permisos de la API `/api/v1/terminal/sessions/` está broken y se puede acceder a él de forma anónima. Clases de permiso SessionViewSet establecidas en `[RBACPermission | IsSessionAssignee]`, la relación es o, por lo que se permitirá cualquier permiso coincidente. Las versiones 3.5.5 y 3.6.4 tienen una solución. Después de actualizar, visite la API `$HOST/api/v1/terminal/sessions/?limit=1`. El código de respuesta http esperado es 401 ("not_authenticated").
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-09-08 CVE Reserved
- 2023-09-15 CVE Published
- 2023-10-12 First Exploit
- 2024-08-02 CVE Updated
- 2024-09-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://github.com/jumpserver/jumpserver/blob/v3.6.1/apps/terminal/api/session/session.py#L91 | Product |
| URL | Date | SRC |
|---|---|---|
| https://github.com/HolyGu/CVE-2023-42442 | 2023-10-12 | |
| https://github.com/C1ph3rX13/CVE-2023-42442 | 2023-10-31 | |
| https://github.com/tarihub/blackjump | 2024-05-16 | |
| https://github.com/jumpserver/jumpserver/security/advisories/GHSA-633x-3f4f-v9rw | 2024-08-02 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/jumpserver/jumpserver/commit/0a58bba59cd275bab8e0ae58bf4b359fbc5eb74a | 2023-09-20 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Fit2cloud Search vendor "Fit2cloud" | Jumpserver Search vendor "Fit2cloud" for product "Jumpserver" | >= 3.0.0 < 3.5.5 Search vendor "Fit2cloud" for product "Jumpserver" and version " >= 3.0.0 < 3.5.5" | - |
Affected
| ||||||
| Fit2cloud Search vendor "Fit2cloud" | Jumpserver Search vendor "Fit2cloud" for product "Jumpserver" | >= 3.6.0 < 3.6.4 Search vendor "Fit2cloud" for product "Jumpserver" and version " >= 3.6.0 < 3.6.4" | - |
Affected
| ||||||