CVE-2023-48193

Опубликовано: 28 нояб. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. NOTE: this is disputed because command filtering is not intended to restrict what code can be run by authorized users who are allowed to execute files.

Ссылки

http://jumpserver.com
Product
https://blog.fit2cloud.com/?p=8cf83cd9-c23b-4625-9350-38926fb7f88e
https://github.com/296430468/lcc_test/blob/main/jumpserver_BUG.md
Exploit
Third Party Advisory
https://github.com/jumpserver/jumpserver
Product
https://github.com/jumpserver/jumpserver/issues/13394
http://jumpserver.com
Product
https://blog.fit2cloud.com/?p=8cf83cd9-c23b-4625-9350-38926fb7f88e
https://github.com/296430468/lcc_test/blob/main/jumpserver_BUG.md
Exploit
Third Party Advisory
https://github.com/jumpserver/jumpserver
Product
https://github.com/jumpserver/jumpserver/issues/13394

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fit2cloud:jumpserver:3.8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.03849

Низкий

9.8 Critical

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-j544-j388-44c3