Insecure Permissions in JumpServer GPLv3 Breakdown by JumpServer
CVE-2023-48193

9.8CRITICAL

Key Information:

Vendor: Fit2cloud
Status: Jumpserver
Vendor: CVE Published:; 28 November 2023

Badges

📰 News Worthy

What is CVE-2023-48193?

The JumpServer GPLv3 v3.8.0 is susceptible to an Insecure Permissions vulnerability, which permits a remote attacker to execute arbitrary code. This vulnerability arises from the ability to bypass the command filtering function, leading to unauthorized execution of commands. Though there is a debate surrounding the intent of the command filtering feature, which is designed for use by authorized users, it presents a significant risk by potentially allowing harmful code execution through improper permission settings.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

News Articles

zhi.oscs1024.com

CVE-2023-48193

JumpServer 命令绕过漏洞 (CVE-2023-48193)

漏洞类型授权机制不恰当发现时间 2023-11-29 漏洞等级中危 MPS编号 MPS-20vd-8lzy CVE编号 CVE-2023-48193 漏洞影响广度广漏洞危害 OSCS 描述 JumpServer 是一款开源的堡垒机。受影响版本中，当JumpServer在设置命令过滤功能时，攻击者可以通过将过...

References

https://github.com/jumpserver/jumpserver

http://jumpserver.com

https://github.com/296430468/lcc_test/blob/main/jumpserve...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

📰
First article discovered by zhi.oscs1024.com
Nov 29, 2023
Vulnerability published
Nov 28, 2023
Vulnerability Reserved
Nov 13, 2023

JSON

Fit2cloud

Badges

What is CVE-2023-48193?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

News Articles

JumpServer 命令绕过漏洞 (CVE-2023-48193)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.