Aradinbar

**Name of the Vulnerable Software and Affected Versions** JumpServer versions prior to 4.10.16-lts **Description** JumpServer, an open source bastion host and operation and maintenance security audit system, does not properly validate certificates in the Custom SMS API Client. This allows an attacker to intercept requests and capture verification codes sent via the Custom SMS API before they reach the user’s phone. **Recommendations** Update to version 4.10.16-lts or later.