CVE-2023-42818

SSH public key login without private key challenge if mfa is enabled in jumpserver

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication against the SSH service This issue has been patched in versions 3.6.5 and 3.5.6. Users are advised to upgrade. There are no known workarounds for this issue.

JumpServer es un host de bastionado de código abierto. Cuando los usuarios habilitan MFA y usan una clave pública para la autenticación, el servidor Koko SSH no verifica la clave privada SSH correspondiente. Un atacante podría aprovechar la vulnerabilidad utilizando una clave pública revelada para intentar la autenticación de fuerza bruta contra el servicio SSH. Este problema se solucionó en las versiones 3.6.5 y 3.5.6. Se recomienda a los usuarios que actualicen. No se conocen workarounds para este problema.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

Poc

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-09-14 CVE Reserved
2023-09-27 CVE Published
2024-09-23 CVE Updated
2024-09-23 First Exploit
2024-10-29 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-287: Improper Authentication
CWE-307: Improper Restriction of Excessive Authentication Attempts

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC
https://github.com/jumpserver/jumpserver/security/advisories/GHSA-jv3c-27cv-w8jv	2024-09-23

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Fit2cloud Search vendor "Fit2cloud"		Jumpserver Search vendor "Fit2cloud" for product "Jumpserver"				< 3.5.6 Search vendor "Fit2cloud" for product "Jumpserver" and version " < 3.5.6"		-		Affected
Fit2cloud Search vendor "Fit2cloud"		Jumpserver Search vendor "Fit2cloud" for product "Jumpserver"				>= 3.6.0 < 3.6.5 Search vendor "Fit2cloud" for product "Jumpserver" and version " >= 3.6.0 < 3.6.5"		-		Affected