PT-2023-29856 · Unknown · Jumpserver

Oskar Zeinomahmalat (SonarSource) · Published 2023-10-24 · Updated 2025-03-25 · CVE-2023-46123

CVSS v3.1: 5.3 (Medium), Vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: JumpServer, versions prior to 3.8.0
Description: A flaw in the Core API of JumpServer lets an unauthenticated attacker bypass the password brute-force protection by spoofing arbitrary source IP addresses. The protection counts failed attempts per client IP, and the IP it uses can be chosen by the client, so an attacker who changes the apparent address on every request is never locked out and can make an unlimited number of password guesses against an account.
Recommendations: For versions prior to 3.8.0, update to version 3.8.0, which resolves the issue. As a temporary workaround, restrict network access to the Core API (for example, to trusted addresses only) to reduce exposure, and avoid relying on password authentication over the API until the update is applied.
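The advisory describes the flaw only at the level of "the limiter can be defeated by changing the apparent source IP per request". The following is an added example, not JumpServer's own code, that models that pattern in Python (the language JumpServer is written in): a login limiter keyed on a client IP that is resolved from a forwarded-address header, beside a resolver that only honours the header when the TCP peer is a known reverse proxy. The header name (X-Forwarded-For), the lock-out threshold, the WSGI-style request dictionary and the trusted proxy address are all assumptions chosen for illustration, not details taken from the advisory or from JumpServer.

```python
"""Added example (not JumpServer's code): bypassing an IP-keyed brute-force
limiter by spoofing a client-controlled forwarded-address header, and the
hardened resolver that closes the hole. Header names, limits and addresses
below are assumptions for illustration."""
import ipaddress
from collections import defaultdict

# Hypothetical policy: lock a source IP after this many failed passwords.
MAX_FAILED_ATTEMPTS = 5
# Assumption: only this reverse proxy is allowed to set X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]


def client_ip_vulnerable(environ):
    """Trusts the first X-Forwarded-For hop from any peer: fully client-controlled."""
    xff = environ.get("HTTP_X_FORWARDED_FOR")
    if xff:
        return xff.split(",")[0].strip()
    return environ["REMOTE_ADDR"]


def client_ip_hardened(environ):
    """Uses the TCP peer address unless the peer is a trusted proxy; in that
    case takes the hop the proxy appended (the rightmost one), because a client
    can prepend arbitrary hops but cannot control what the proxy appends."""
    peer = environ["REMOTE_ADDR"]
    peer_addr = ipaddress.ip_address(peer)
    if not any(peer_addr in net for net in TRUSTED_PROXIES):
        return peer  # direct connection: the header is attacker-controlled, ignore it
    hops = [h.strip() for h in environ.get("HTTP_X_FORWARDED_FOR", "").split(",") if h.strip()]
    if not hops:
        return peer
    try:
        ipaddress.ip_address(hops[-1])
    except ValueError:
        return peer  # malformed header: fall back to the peer address
    return hops[-1]


class LoginLimiter:
    """Counts failed password attempts per resolved client IP (CWE-307 control)."""

    def __init__(self, resolve_ip):
        self.resolve_ip = resolve_ip
        self.failures = defaultdict(int)

    def attempt(self, environ, password_ok):
        ip = self.resolve_ip(environ)
        if self.failures[ip] >= MAX_FAILED_ATTEMPTS:
            return "blocked"  # password is not even checked
        if password_ok:
            self.failures[ip] = 0
            return "ok"
        self.failures[ip] += 1
        return "denied"


def simulate_bruteforce(resolve_ip, attempts=20):
    """Attacker connects directly (no proxy in between) and rotates the
    X-Forwarded-For value on every request. Returns how many wrong guesses
    the limiter actually evaluated instead of blocking."""
    limiter = LoginLimiter(resolve_ip)
    evaluated = 0
    for i in range(attempts):
        environ = {
            "REMOTE_ADDR": "203.0.113.7",                  # constructed attacker address
            "HTTP_X_FORWARDED_FOR": f"198.51.100.{i + 1}",  # spoofed, changes per request
        }
        if limiter.attempt(environ, password_ok=False) == "denied":
            evaluated += 1
    return evaluated


if __name__ == "__main__":
    print("vulnerable resolver evaluated:", simulate_bruteforce(client_ip_vulnerable))
    print("hardened resolver evaluated:  ", simulate_bruteforce(client_ip_hardened))
```

With the vulnerable resolver every one of the 20 guesses is evaluated, because each spoofed header value creates a fresh counter; with the hardened resolver all requests collapse onto the real peer address and only the first five are checked. The same logic applies behind a proxy: the trusted proxy appends the real client hop, so the rightmost entry is the one to key on, and any hops the client prepended are ignored.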


Weakness Enumeration

CWE-307: Improper Restriction of Excessive Authentication Attempts

Related Identifiers

CVE-2023-46123
GHSA-hvw4-766m-p89f

Affected Products

Jumpserver