CVE-2024-29024

Name of the Vulnerable Software and Affected Versions JumpServer versions prior to 3.10.6

Description The issue allows an authenticated user to exploit the Insecure Direct Object Reference (IDOR) vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files, potentially compromising the integrity and security of the system.

Recommendations For versions prior to 3.10.6, update to version 3.10.6 to resolve the issue. As a temporary workaround, consider restricting access to the file manager's bulk transfer feature to minimize the risk of exploitation.