Arbitrary Code Execution Vulnerability in JumpServer's Ansible Could Lead to Sensitive Information Theft or Database Manipulation
CVE-2024-29201
Key Information:
- Vendor
Jumpserver
- Status
- Vendor
- CVE Published:
- 29 March 2024
Badges
What is CVE-2024-29201?
The vulnerability CVE-2024-29201 exists in JumpServer's Ansible, allowing attackers to execute arbitrary code within the Celery container. This can lead to potential sensitive information theft or database manipulation. The vulnerability affects versions v3.0.0-v3.10.6 and has a fixed version in v3.10.7. Due to the critical nature of the vulnerability, users are advised to apply the patch as soon as feasible to avoid potential exploitation in the wild.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
jumpserver >= 3.0.0, <= 3.10.6
News Articles
Security software, simplified.
SOOS β’ Don't get cocky with your app sec. Industry leading app sec, all in one dashboard.
CybersecurityNewsJumpServer Critical Flaws Let Attackers Execute Arbitrary Code Remotely
The critical vulnerabilities in JumpServer's Ansible that allowed attackers to execute arbitrary remote code have been patched.
References
EPSS Score
68% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
- π°
First article discovered by CybersecurityNews
Vulnerability published
Vulnerability Reserved