CVE-2023-42820 — HIGH (7.0)

Q: How severe is CVE-2023-42820?

CVE-2023-42820 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-42820?

Check the references section above for vendor advisories and patch information. Affected products include: Fit2Cloud Jumpserver.

Vulnerability Description

JumpServer is an open source bastion host. This vulnerability is due to exposing the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, which could lead to password resets. If MFA is enabled users are not affect. Users not using local authentication are also not affected. Users are advised to upgrade to either version 2.28.19 or to 3.6.5. There are no known workarounds or this issue.

CVSS Score

7.0

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

HIGH

Availability

LOW

Affected Products

Vendor	Product	Versions
Fit2Cloud	Jumpserver	>= 2.24.0, < 2.28.19

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2023-42820?

CVE-2023-42820 is a vulnerability with a CVSS score of 7.0 (HIGH). JumpServer is an open source bastion host. This vulnerability is due to exposing the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, which...

How severe is CVE-2023-42820?

CVE-2023-42820 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-42820?

Check the references section above for vendor advisories and patch information. Affected products include: Fit2Cloud Jumpserver.