Jumpserver
Monthly
JumpServer contains a Server-Side Template Injection (SSTI) vulnerability in its Applet and VirtualApp upload functionality that allows authenticated administrators to execute arbitrary code within the JumpServer Core container. The vulnerability affects JumpServer versions vulnerable to unsafe Jinja2 template rendering of user-uploaded YAML manifest files. While requiring high privilege level (Application Applet Management or Virtual Application Management permissions), successful exploitation results in complete container compromise with high confidentiality, integrity, and availability impact.
JumpServer prior to version 4.10.16-lts improperly validates certificates when sending MFA/OTP codes through a Custom SMS API Client, allowing an attacker to intercept SMS verification requests and capture one-time passcodes before they reach the user's phone. This vulnerability affects organizations using JumpServer as a bastion host and operational security audit system, potentially enabling unauthorized authentication bypass. The CVSS score of 5.0 and CWE-295 (Improper Certificate Validation) classification indicate a moderate but exploitable vulnerability requiring user interaction and moderate attack complexity.
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, The /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. This vulnerability is fixed in v3.10.19 and v4.10.5.
JumpServer is an open source bastion host and an operation and maintenance security audit system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
JumpServer contains a Server-Side Template Injection (SSTI) vulnerability in its Applet and VirtualApp upload functionality that allows authenticated administrators to execute arbitrary code within the JumpServer Core container. The vulnerability affects JumpServer versions vulnerable to unsafe Jinja2 template rendering of user-uploaded YAML manifest files. While requiring high privilege level (Application Applet Management or Virtual Application Management permissions), successful exploitation results in complete container compromise with high confidentiality, integrity, and availability impact.
JumpServer prior to version 4.10.16-lts improperly validates certificates when sending MFA/OTP codes through a Custom SMS API Client, allowing an attacker to intercept SMS verification requests and capture one-time passcodes before they reach the user's phone. This vulnerability affects organizations using JumpServer as a bastion host and operational security audit system, potentially enabling unauthorized authentication bypass. The CVSS score of 5.0 and CWE-295 (Improper Certificate Validation) classification indicate a moderate but exploitable vulnerability requiring user interaction and moderate attack complexity.
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, The /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. This vulnerability is fixed in v3.10.19 and v4.10.5.
JumpServer is an open source bastion host and an operation and maintenance security audit system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.