Non-MFA account takeover via using only SSH public key to login in jumpserver
CVE-2023-43652

9.1CRITICAL

Key Information:

Vendor: Jumpserver
Status: Jumpserver
Vendor: CVE Published:; 27 September 2023

What is CVE-2023-43652?

JumpServer, an open-source bastion host, has a vulnerability that allows unauthenticated users to authenticate to its core API using a username and an SSH public key without requiring a password. This flaw arises because the API for KoKo does not validate the source of requests, enabling attackers to generate authentication tokens using just the public key. Since SSH public keys can be easily exposed, an attacker with a compromised key can gain access to user information and perform authorized actions associated with the compromised account. Users are strongly encouraged to upgrade to versions 2.28.20 and 3.7.1 to mitigate this vulnerability, as there are currently no viable workarounds.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

jumpserver >= 2.0.0, < 2.28.20 < 2.0.0, 2.28.20

jumpserver >= 3.0.0, < 3.7.1 < 3.0.0, 3.7.1

References

https://github.com/jumpserver/jumpserver/security/advisor...

x_refsource_CONFIRM

https://www.sonarsource.com/blog/diving-into-jumpserver-a...

x_refsource_MISC

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
Sep 20, 2023

JSON

Jumpserver

What is CVE-2023-43652?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.