CVE-2024-29201

Name of the Vulnerable Software and Affected Versions JumpServer versions prior to 3.10.7

Description The issue is related to insufficient input validation in JumpServer's Ansible, allowing remote attackers to bypass the input validation mechanism and execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has database access, attackers could steal sensitive information from all hosts or manipulate the database.

Recommendations For versions prior to 3.10.7, update to version 3.10.7 to resolve the issue. As a temporary workaround, consider restricting access to the Ansible module in JumpServer to minimize the risk of exploitation.