Описание
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to version 3.10.0, attackers can exploit this vulnerability to construct malicious links, leading users to click on them, thereby facilitating phishing attacks or cross-site scripting attacks. Version 3.10.0 contains a patch for this issue. No known workarounds are available.
Ссылки
- Release Notes
- Vendor Advisory
- Release Notes
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.10.0 (исключая)
cpe:2.3:a:fit2cloud:jumpserver:*:*:*:*:*:*:*:*
EPSS
Процентиль: 96%
0.26411
Средний
4.3 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-601
CWE-601
EPSS
Процентиль: 96%
0.26411
Средний
4.3 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-601
CWE-601