Vulnerabilities > Fit2Cloud > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-07-18 CVE-2024-40628 Path Traversal vulnerability in Fit2Cloud Jumpserver
JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser.
network
low complexity
fit2cloud CWE-22
critical
 9.1
9.1
2024-07-18 CVE-2024-40629 Path Traversal vulnerability in Fit2Cloud Jumpserver
JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser.
network
low complexity
fit2cloud CWE-22
critical
 9.8
9.8
2024-07-18 CVE-2024-39907 SQL Injection vulnerability in Fit2Cloud 1Panel 1.10.10Lts/1.10.9Lts
1Panel is a web-based linux server management control panel.
network
low complexity
fit2cloud CWE-89
critical
 9.8
9.8
2024-07-18 CVE-2024-39911 SQL Injection vulnerability in Fit2Cloud 1Panel 1.10.10Lts
1Panel is a web-based linux server management control panel.
network
low complexity
fit2cloud CWE-89
critical
 9.8
9.8
2023-11-28 CVE-2023-48193 Unspecified vulnerability in Fit2Cloud Jumpserver 3.8.0
Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function.
network
low complexity
fit2cloud
critical
 9.8
9.8
2023-10-30 CVE-2023-44397 Improper Authentication vulnerability in Fit2Cloud Cloudexplorer Lite
CloudExplorer Lite is an open source, lightweight cloud management platform.
network
low complexity
fit2cloud CWE-287
critical
 9.8
9.8
2023-09-27 CVE-2023-42818 Improper Restriction of Excessive Authentication Attempts vulnerability in Fit2Cloud Jumpserver
JumpServer is an open source bastion host.
network
low complexity
fit2cloud CWE-307
critical
 9.8
9.8
2023-09-27 CVE-2023-43651 Code Injection vulnerability in Fit2Cloud Jumpserver
JumpServer is an open source bastion host.
network
low complexity
fit2cloud CWE-94
critical
 9.9
9.9
2023-09-27 CVE-2023-43652 Missing Authorization vulnerability in Fit2Cloud Jumpserver
JumpServer is an open source bastion host.
network
low complexity
fit2cloud CWE-862
critical
 9.1
9.1
2023-09-14 CVE-2023-42405 SQL Injection vulnerability in Fit2Cloud Rackshift 1.7.1
SQL injection vulnerability in FIT2CLOUD RackShift v1.7.1 allows attackers to execute arbitrary code via the `sort` parameter to taskService.list(), bareMetalService.list(), and switchService.list().
network
low complexity
fit2cloud CWE-89
critical
 9.8
9.8