CVE-2023-42819

Name of the Vulnerable Software and Affected Versions JumpServer versions prior to 3.6.5

Description The issue is related to incorrect restriction of a directory path with limited access in the JumpServer security audit system. This can allow a remote attacker to gain unauthorized access to protected information and modify the contents of arbitrary files in the system. A directory traversal flaw can be exploited using a provided URL, such as https://jumpserver-ip/api/v1/ops/playbook/e0adabef-c38f-492d-bd92-832bacc3df5f/file/?key=../../../../../../../etc/passwd, to access and retrieve file contents. A similar method to modify file content is also present.

Recommendations For versions prior to 3.6.5, upgrade to version 3.6.5 or later to address the issue. As a temporary workaround, consider restricting access to the api/v1/ops/playbook endpoint until a patch is available. Avoid using the key parameter in the affected API endpoint until the issue is resolved.