Original link: https://www.leavesongs.com/PENETRATION/jumpserver-sep-2023-multiple-vulnerabilities-go-through.html
Jumpserver is an open source project developed by a domestic company in China and is the largest player in the field of open source bastion machines. In September 2023, a series of security issues were officially fixed, including the following security vulnerabilities:
- The vulnerability of JumpServer reset password verification code can be calculated and deduced. The CVE number is CVE-2023-42820.
- The JumpServer reset password verification code can be cracked by brute force. The CVE number is CVE-2023-43650.
- JumpServer authenticates users across directories and arbitrary files…
This article is reproduced from: https://www.leavesongs.com/PENETRATION/jumpserver-sep-2023-multiple-vulnerabilities-go-through.html
This site is only for collection, and the copyright belongs to the original author.