Vulnerabilities > CVE-2023-48193 - Unspecified vulnerability in Fit2Cloud Jumpserver 3.8.0

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

fit2cloud

critical

NVD

Published: 2023-11-28

Updated: 2024-08-02

Summary

Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. NOTE: this is disputed because command filtering is not intended to restrict what code can be run by authorized users who are allowed to execute files.

Vulnerable Configurations

Part	Description	Count
Application	Fit2Cloud Fit2Cloud Jumpserver 3.8.0	1

References

https://github.com/jumpserver/jumpserver
http://jumpserver.com
https://github.com/296430468/lcc_test/blob/main/jumpserver_BUG.md
https://blog.fit2cloud.com/?p=8cf83cd9-c23b-4625-9350-38926fb7f88e
https://github.com/jumpserver/jumpserver/issues/13394