An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.
References
Link | Resource |
---|---|
https://blog.fit2cloud.com/?p=1764 | Third Party Advisory |
https://mp.weixin.qq.com/s/5tgcaIrnDnGP-LvWPw9YCg | Third Party Advisory |
https://s.tencent.com/research/bsafe/1228.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
29 Jan 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets. |
04 Aug 2021, 12:04
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:jumpserver:jumpserver:*:*:*:*:*:*:*:* | |
CWE | CWE-74 | |
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
References | (MISC) https://blog.fit2cloud.com/?p=1764 - Third Party Advisory | |
References | (MISC) https://s.tencent.com/research/bsafe/1228.html - Third Party Advisory | |
References | (MISC) https://mp.weixin.qq.com/s/5tgcaIrnDnGP-LvWPw9YCg - Third Party Advisory |
23 Jul 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-07-23 21:15
Updated : 2024-01-29 22:15
NVD link : CVE-2021-3169
Mitre link : CVE-2021-3169
CVE.ORG link : CVE-2021-3169
JSON object : View
Products Affected
jumpserver
- jumpserver
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')