Vulnerability Description
JumpServer is an open source bastion host. Logged-in users can access and modify the contents of any file on the system. A user can use the 'Job-Template' menu and create a playbook named 'test'. Get the playbook id from the detail page, like 'e0adabef-c38f-492d-bd92-832bacc3df5f'. An attacker can exploit the directory traversal flaw using the provided URL to access and retrieve the contents of the file. `https://jumpserver-ip/api/v1/ops/playbook/e0adabef-c38f-492d-bd92-832bacc3df5f/file/?key=../../../../../../../etc/passwd` a similar method to modify the file content is also present. This issue has been addressed in version 3.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fit2Cloud | Jumpserver | >= 3.0.0, < 3.6.5 |
Related Weaknesses (CWE)
References
- https://github.com/jumpserver/jumpserver/commit/d0321a74f1713d031560341c8fd0a185Patch
- https://github.com/jumpserver/jumpserver/security/advisories/GHSA-ghg2-2whp-6m33MitigationVendor Advisory
- https://github.com/jumpserver/jumpserver/commit/d0321a74f1713d031560341c8fd0a185Patch
- https://github.com/jumpserver/jumpserver/security/advisories/GHSA-ghg2-2whp-6m33MitigationVendor Advisory
FAQ
What is CVE-2023-42819?
CVE-2023-42819 is a vulnerability with a CVSS score of 8.9 (HIGH). JumpServer is an open source bastion host. Logged-in users can access and modify the contents of any file on the system. A user can use the 'Job-Template' menu and create a playbook named 'test'. Get ...
How severe is CVE-2023-42819?
CVE-2023-42819 has been rated HIGH with a CVSS base score of 8.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-42819?
Check the references section above for vendor advisories and patch information. Affected products include: Fit2Cloud Jumpserver.