Vulnerabilities > Fit2Cloud > Jumpserver > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-18 | CVE-2024-40629 | Path Traversal vulnerability in Fit2Cloud Jumpserver JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. | 9.8 |
| 2024-07-18 | CVE-2024-40628 | Path Traversal vulnerability in Fit2Cloud Jumpserver JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. | 9.1 |
| 2023-11-28 | CVE-2023-48193 | Unspecified vulnerability in Fit2Cloud Jumpserver 3.8.0 Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. | 9.8 |
| 2023-09-27 | CVE-2023-43651 | Code Injection vulnerability in Fit2Cloud Jumpserver JumpServer is an open source bastion host. | 9.9 |
| 2023-09-27 | CVE-2023-42818 | Improper Restriction of Excessive Authentication Attempts vulnerability in Fit2Cloud Jumpserver JumpServer is an open source bastion host. | 9.8 |
| 2023-09-27 | CVE-2023-43652 | Missing Authorization vulnerability in Fit2Cloud Jumpserver JumpServer is an open source bastion host. | 9.1 |
| 2023-03-16 | CVE-2023-28110 | Command Injection vulnerability in Fit2Cloud Jumpserver and Koko Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. | 9.9 |