PT-2024-5028 · Ansible+2 · Ansible+2
Oskar-Zeinomahmalat-Sonarsource
·
Published
2024-07-18
·
Updated
2024-09-10
·
CVE-2024-40629
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
JumpServer versions prior to 3.10.12
JumpServer versions prior to 4.0.0
Description:
The issue is related to the JumpServer Privileged Access Management (PAM) tool, which provides secure access to various endpoints through a web browser. An attacker can exploit the Ansible playbook to write arbitrary files, leading to remote code execution (RCE) in the Celery container. The Celery container runs as root and has database access, allowing an attacker to steal all secrets for hosts, create a new JumpServer account with admin privileges, or manipulate the database in other ways.
Recommendations:
For JumpServer versions prior to 3.10.12, upgrade to version 3.10.12 or later.
For JumpServer versions prior to 4.0.0, upgrade to version 4.0.0 or later.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ansible
Celery
Jumpserver