PT-2021-19475 · Unknown · Jumpserver
Published: 2021-07-23 · Updated: 2024-01-29 · CVE-2021-3169
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Jumpserver versions prior to 2.6.2
Jumpserver versions prior to 2.5.4
Jumpserver versions prior to 2.4.5
Description
An issue in Jumpserver allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.
Recommendations
For versions prior to 2.6.2, update to version 2.6.2 or later.
For versions prior to 2.5.4, update to version 2.5.4 or later.
For versions prior to 2.4.5, update to version 2.4.5 or later.
Fix
Special Elements Injection
Affected Products
Jumpserver