PT-2023-7011 · Unknown · Jumpserver

Oskar-Zeinomahmalat-Sonarsource · Published 2023-09-27 · Updated 2025-03-25 · CVE-2023-43652

CVSS v2.0: 9.4 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions

JumpServer versions prior to 2.28.20
JumpServer versions prior to 3.7.1
Description

The issue concerns the authentication procedure in JumpServer, an open source bastion host. An unauthenticated user can authenticate to the core API using only a username and an SSH public key, without the password or the corresponding SSH private key. This is possible because the API that the KoKo component uses to validate user private-key logins does not verify the source of the request and issues a personal authentication token regardless. Because public keys are not secret and are easily leaked, an attacker who obtains a user's public key and username can authenticate as that user and gain access to that user's information and authorized actions.
Recommendations

For versions prior to 2.28.20, upgrade to version 2.28.20 or later. For versions prior to 3.7.1, upgrade to version 3.7.1 or later. As a temporary workaround, consider restricting access to the KoKo component API until a patch is available. Avoid using the username and SSH public key for authentication until the issue is resolved.

Exploit

Fix

Missing Authorization


Weakness Enumeration

Related Identifiers

BDU:2023-08031
CVE-2023-43652
GHSA-FR8H-XH5X-R8G9

Affected Products

Jumpserver