THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)

Ok

PUBLISHED

CVE-2023-48193

Reserved:2023-11-13
Published:2023-11-28
Updated:2024-06-11

Description

Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. NOTE: this is disputed because command filtering is not intended to restrict what code can be run by authorized users who are allowed to execute files.

References

https://github.com/jumpserver/jumpserver

http://jumpserver.com

https://github.com/296430468/lcc_test/blob/main/jumpserver_BUG.md

https://blog.fit2cloud.com/?p=8cf83cd9-c23b-4625-9350-38926fb7f88e

https://github.com/jumpserver/jumpserver/issues/13394

cve.org CVE-2023-48193

nvd.nist.gov CVE-2023-48193

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2023-48193