CVE-2023-43651
Remote code execution on the host system via MongoDB shell in jumpserver
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the system. Through the WEB CLI interface provided by the koko component, a user logs into the authorized mongoDB database and exploits the MongoDB session to execute arbitrary commands. This vulnerability has been addressed in versions 2.28.20 and 3.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
JumpServer es un host de bastionado de código abierto. Un usuario autenticado puede aprovechar una vulnerabilidad en las sesiones de MongoDB para ejecutar comandos arbitrarios, lo que lleva a la ejecución remota de código. Esta vulnerabilidad puede aprovecharse aún más para obtener privilegios de root en el sistema. A través de la interfaz WEB CLI proporcionada por el componente koko, un usuario inicia sesión en la base de datos mongoDB autorizada y explota la sesión de MongoDB para ejecutar comandos arbitrarios. Esta vulnerabilidad se ha solucionado en las versiones 2.28.20 y 3.7.1. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2023-09-20 CVE Reserved
- 2023-09-27 CVE Published
- 2024-09-23 CVE Updated
- 2024-09-23 First Exploit
- 2024-10-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://github.com/jumpserver/jumpserver/security/advisories/GHSA-4r5x-x283-wm96 | 2024-09-23 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Fit2cloud Search vendor "Fit2cloud" | Jumpserver Search vendor "Fit2cloud" for product "Jumpserver" | >= 2.0.0 < 2.28.20 Search vendor "Fit2cloud" for product "Jumpserver" and version " >= 2.0.0 < 2.28.20" | - |
Affected
| ||||||
Fit2cloud Search vendor "Fit2cloud" | Jumpserver Search vendor "Fit2cloud" for product "Jumpserver" | >= 3.0.0 < 3.7.1 Search vendor "Fit2cloud" for product "Jumpserver" and version " >= 3.0.0 < 3.7.1" | - |
Affected
|