CVE-2023-46138

Name of the Vulnerable Software and Affected Versions JumpServer versions prior to 3.8.0

Description The issue concerns the default email address for the initial admin user, which is set to admin[@]mycompany[.]com. This could potentially affect password reset functionality if the domain mycompany.com is registered in the future. The estimated number of potentially affected devices is not specified.

Recommendations For versions prior to 3.8.0, update to version 3.8.0 or later. As a temporary workaround, consider changing the default email domain to example.com manually for those who cannot upgrade.