PT-2023-30721 · Unknown · Jumpserver

Christian Fischer · Published 2023-11-28 · Updated 2024-08-02 · CVE-2023-48193

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: JumpServer GPLv3 version 3.8.0

Description: The issue allows a remote attacker to execute arbitrary code by bypassing the command filtering function. It is noted that command filtering is not intended to restrict what code can be run by authorized users who are allowed to execute files.

Recommendations: For JumpServer GPLv3 version 3.8.0, consider restricting access to command execution features to minimize the risk of exploitation until a fix is available. As a temporary workaround, review and limit the permissions of authorized users to execute files, ensuring they align with the intended security posture.

Exploit

Fix

Related Identifiers

CVE-2023-48193

Affected Products

Jumpserver