jumpserver Cyber Security Vulnerability Stats and Metrics

Unauthorized Access in JumpServer Bastion Host by Low-Privileged Users

CVE-2025-62795

JumpserverJumpserver7.1HIGH

Unauthorized Access Vulnerability in JumpServer by JumpServer

CVE-2025-62712

JumpserverJumpserver9.6CRITICAL

Vulnerability in JumpServer's Kubernetes Session Feature Allows Unauthorized Access

CVE-2025-27095

JumpserverJumpserver4.3MEDIUM

Secrets Disclosure Vulnerability in JumpServer PAM Tool

CVE-2024-40628

JumpserverJumpserver9.1CRITICAL

Ansible Playbook Exploit Allows Remote Code Execution in Celery Container

CVE-2024-40629

JumpserverJumpserver9.8CRITICAL

Jinja2 Template Injection Vulnerability Affects JumpServer's Ansible

CVE-2024-29202

JumpserverJumpserverEPSS 81%📰9.9CRITICAL

Arbitrary Code Execution Vulnerability in JumpServer's Ansible Could Lead to Sensitive Information Theft or Database Manipulation

CVE-2024-29201

JumpserverJumpserver👾🟡EPSS 68%📰9.9CRITICAL

Sensitive Information Disclosure Vulnerability in JumpServer

CVE-2024-29020

JumpserverJumpserver5.3MEDIUM

JumpServer Bastion Host Vulnerable to IDOR Attacks

CVE-2024-29024

JumpserverJumpserver5.3MEDIUM

JumpServer vulnerability affects phishing and cross-site scripting attacks

CVE-2024-24763

jumpserverjumpserverEPSS 26%6.1MEDIUM

JumpServer default admin user email leak password reset

CVE-2023-46138

JumpserverJumpserver3.7LOW

jumpserver is vulnerable to password brute-force protection bypass via arbitrary IP values

CVE-2023-46123

JumpserverJumpserver5.3MEDIUM

SSH public key login without private key challenge if mfa is enabled in jumpserver

CVE-2023-42818

JumpserverJumpserver9.8CRITICAL

Remote code execution on the host system via MongoDB shell in jumpserver

CVE-2023-43651

JumpserverJumpserverEPSS 13%9.9CRITICAL

Non-MFA account takeover via brute-force attack on weak password reset code in jumpserver

CVE-2023-43650

JumpserverJumpserver7.4HIGH

Non-MFA account takeover via using only SSH public key to login in jumpserver

CVE-2023-43652

JumpserverJumpserver9.1CRITICAL

Path traversal in Jumpserver

CVE-2023-42819

JumpserverJumpserver👾🟡EPSS 36%8.9HIGH

Random seed leakage in Jumpserver

CVE-2023-42820

JumpserverJumpserver👾🟡EPSS 59%7HIGH

JumpServer session replays download without authentication

CVE-2023-42442

jumpserverjumpserver👾🟡EPSS 88%5.3MEDIUM

JumpServer Koko vulnerable to Command Injection for Kubernetes Connection

CVE-2023-28110

JumpserverJumpserver5.7MEDIUM

Access Control Issue in Jumpserver by Jumpserver

CVE-2021-3169

JumpserverJumpserver9.8CRITICAL

jumpserver Summary

Vulnerability Published:

Sort By:

30 October 2025

Unauthorized Access in JumpServer Bastion Host by Low-Privileged Users

Unauthorized Access Vulnerability in JumpServer by JumpServer

31 March 2025

Vulnerability in JumpServer's Kubernetes Session Feature Allows Unauthorized Access

18 July 2024

Secrets Disclosure Vulnerability in JumpServer PAM Tool

Ansible Playbook Exploit Allows Remote Code Execution in Celery Container

29 March 2024

Jinja2 Template Injection Vulnerability Affects JumpServer's Ansible

Arbitrary Code Execution Vulnerability in JumpServer's Ansible Could Lead to Sensitive Information Theft or Database Manipulation

Sensitive Information Disclosure Vulnerability in JumpServer

JumpServer Bastion Host Vulnerable to IDOR Attacks

20 February 2024

JumpServer vulnerability affects phishing and cross-site scripting attacks

31 October 2023

JumpServer default admin user email leak password reset

25 October 2023

jumpserver is vulnerable to password brute-force protection bypass via arbitrary IP values

27 September 2023

SSH public key login without private key challenge if mfa is enabled in jumpserver

Remote code execution on the host system via MongoDB shell in jumpserver

Non-MFA account takeover via brute-force attack on weak password reset code in jumpserver

Non-MFA account takeover via using only SSH public key to login in jumpserver

Path traversal in Jumpserver

Random seed leakage in Jumpserver

15 September 2023

JumpServer session replays download without authentication

16 March 2023

JumpServer Koko vulnerable to Command Injection for Kubernetes Connection

23 July 2021

Access Control Issue in Jumpserver by Jumpserver