Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
JumpServer Direct Object Reference (IDOR) Vulnerability in File Manager Bulk Transfer Functionality
Vulnerability Description
JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files, potentially compromising the integrity and security of the system. This vulnerability is fixed in v3.10.6.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
JumpServer 安全漏洞
Vulnerability Description
JumpServer是中国杭州飞致云信息科技有限公司的一款开源堡垒机。 JumpServer v3.10.6之前版本存在安全漏洞,该漏洞源于经过身份验证的用户可以通过 job IDs 来上传恶意文件,损害系统的完整性和安全性。
CVSS Information
N/A
Vulnerability Type
N/A