THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2023-48193

Assignermitre
Reserved2023-11-13
Published2023-11-28
Updated2024-06-11

Description

Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. NOTE: this is disputed because command filtering is not intended to restrict what code can be run by authorized users who are allowed to execute files.

References

https://github.com/jumpserver/jumpserver

http://jumpserver.com

https://github.com/296430468/lcc_test/blob/main/jumpserver_BUG.md

https://blog.fit2cloud.com/?p=8cf83cd9-c23b-4625-9350-38926fb7f88e

https://github.com/jumpserver/jumpserver/issues/13394

cve.org CVE-2023-48193

nvd.nist.gov CVE-2023-48193

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2023-48193
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
© Copyright 2024 THREATINT. Made in Cyprus with +