CVE-2023-42442

Name of the Vulnerable Software and Affected Versions JumpServer versions 3.0.0 through 3.5.4 JumpServer versions 3.6.0 through 3.6.3

Description The issue is related to a weakness in the authentication procedure of JumpServer, an open-source bastion host and professional operation and maintenance security audit system. This weakness can be exploited by a remote attacker to cause a denial of service. Specifically, the /api/v1/terminal/sessions/ API endpoint has broken permission control, allowing anonymous access. The SessionViewSet permission classes are set to [RBACPermission | IsSessionAssignee], with a relation of "or", meaning any matched permission will be allowed.

Recommendations For JumpServer versions 3.0.0 through 3.5.4, upgrade to version 3.5.5 or later. For JumpServer versions 3.6.0 through 3.6.3, upgrade to version 3.6.4 or later. After upgrading, visit the API $HOST/api/v1/terminal/sessions/?limit=1 to verify that the expected HTTP response code is 401 (not authenticated). As a temporary workaround, consider restricting access to the /api/v1/terminal/sessions/ API endpoint to minimize the risk of exploitation.