PT-2024-22674 · Unknown · Jumpserver

Ilyazavyalov · Published 2024-03-29 · Updated 2025-01-09 · CVE-2024-29020

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

JumpServer versions prior to 3.10.6

Description

An authorized attacker can obtain sensitive information contained within playbook files if they manage to learn the playbook ID of another user. This breach of confidentiality can lead to information disclosure and exposure of sensitive data.

Recommendations

For versions prior to 3.10.6, update to version 3.10.6 to resolve the issue. As a temporary workaround, consider restricting access to playbook files and limiting the ability of authorized attackers to learn the playbook IDs of other users.

Exploit

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2024-29020
GHSA-7MQC-23HR-CR62

Affected Products

Jumpserver