Vulnerabilities > Fit2Cloud

DATE CVE VULNERABILITY TITLE RISK
2023-09-27 CVE-2023-42818 Improper Restriction of Excessive Authentication Attempts vulnerability in Fit2Cloud Jumpserver
JumpServer is an open source bastion host.
network
low complexity
fit2cloud CWE-307
critical
9.8
2023-09-27 CVE-2023-43651 Code Injection vulnerability in Fit2Cloud Jumpserver
JumpServer is an open source bastion host.
network
low complexity
fit2cloud CWE-94
critical
9.9
2023-09-27 CVE-2023-43650 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Fit2Cloud Jumpserver
JumpServer is an open source bastion host.
network
high complexity
fit2cloud CWE-640
7.4
2023-09-27 CVE-2023-43652 Missing Authorization vulnerability in Fit2Cloud Jumpserver
JumpServer is an open source bastion host.
network
low complexity
fit2cloud CWE-862
critical
9.1
2023-09-27 CVE-2023-42819 Path Traversal vulnerability in Fit2Cloud Jumpserver
JumpServer is an open source bastion host.
network
low complexity
fit2cloud CWE-22
8.8
2023-09-27 CVE-2023-42820 Unspecified vulnerability in Fit2Cloud Jumpserver
JumpServer is an open source bastion host.
network
low complexity
fit2cloud
8.2
2023-09-20 CVE-2023-42147 Cleartext Transmission of Sensitive Information vulnerability in Fit2Cloud Cloudexplorer Lite 1.3.1
An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sensitive information via the login key component.
network
low complexity
fit2cloud CWE-319
7.5
2023-09-15 CVE-2023-42442 Improper Authentication vulnerability in Fit2Cloud Jumpserver
JumpServer is an open source bastion host and a professional operation and maintenance security audit system.
network
low complexity
fit2cloud CWE-287
5.3
2023-09-14 CVE-2023-42405 SQL Injection vulnerability in Fit2Cloud Rackshift 1.7.1
SQL injection vulnerability in FIT2CLOUD RackShift v1.7.1 allows attackers to execute arbitrary code via the `sort` parameter to taskService.list(), bareMetalService.list(), and switchService.list().
network
low complexity
fit2cloud CWE-89
critical
9.8
2023-08-24 CVE-2023-39519 Information Exposure vulnerability in Fit2Cloud Cloudexplorer Lite
Cloud Explorer Lite is an open source cloud management platform.
network
low complexity
fit2cloud CWE-200
4.9