Vulnerabilities > Fit2Cloud > Jumpserver > 2.2.2

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-10-31 | CVE-2023-46138 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Fit2Cloud Jumpserver | JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. | network | low | fit2cloud | CWE-640 | 5.3 |
| 2023-10-25 | CVE-2023-46123 | Improper Restriction of Excessive Authentication Attempts vulnerability in Fit2Cloud Jumpserver | jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. | network | low | fit2cloud | CWE-307 | 5.3 |
| 2023-09-27 | CVE-2023-42818 | Improper Restriction of Excessive Authentication Attempts vulnerability in Fit2Cloud Jumpserver | JumpServer is an open source bastion host. | network | low | fit2cloud | CWE-307 | critical 9.8 |
| 2023-09-27 | CVE-2023-43651 | Code Injection vulnerability in Fit2Cloud Jumpserver | JumpServer is an open source bastion host. | network | low | fit2cloud | CWE-94 | critical 9.9 |
| 2023-09-27 | CVE-2023-43650 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Fit2Cloud Jumpserver | JumpServer is an open source bastion host. | network | high | fit2cloud | CWE-640 | 7.4 |
| 2023-09-27 | CVE-2023-43652 | Missing Authorization vulnerability in Fit2Cloud Jumpserver | JumpServer is an open source bastion host. | network | low | fit2cloud | CWE-862 | critical 9.1 |
| 2023-03-16 | CVE-2023-28110 | Command Injection vulnerability in Fit2Cloud Jumpserver and Koko | Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. | network | low | fit2cloud | CWE-77 | critical 9.9 |