PT-2023-21569 · Unknown · Jumpserver

Published: 2023-03-16 · Updated: 2023-03-23 · CVE-2023-28110

CVSS v3.1: 5.7 (Medium)

Vector: AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Jumpserver versions prior to 2.28.8

Description: The issue affects Jumpserver, a popular open source bastion host, specifically its Koko component (the Go implementation of coco). When an illegal token is used to connect to a Kubernetes cluster, Koko allows dangerous commands to be executed, which can disrupt the Koko container environment and affect normal usage.

Recommendations: For versions prior to 2.28.8, update to version 2.28.8 to resolve the issue. As a temporary workaround, restrict access to the Koko component to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration

Command Injection

Related Identifiers

CVE-2023-28110
GHSA-6X5P-JM59-JH29

Affected Products

Jumpserver