Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
JumpServer has a Kubernetes Token Leak Vulnerability
Vulnerability Description
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to 4.8.0 and 3.10.18, an attacker with a low-privileged account can access the Kubernetes session feature and manipulate the kubeconfig file to redirect API requests to an external server controlled by the attacker. This allows the attacker to intercept and capture the Kubernetes cluster token. This can potentially allow unauthorized access to the cluster and compromise its security. This vulnerability is fixed in 4.8.0 and 3.10.18.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
特权授予不正确
Vulnerability Title
JumpServer 安全漏洞
Vulnerability Description
JumpServer是中国杭州飞致云信息科技(JumpServer)公司的一款开源堡垒机。 JumpServer 4.8.0之前版本和3.10.18之前版本存在安全漏洞,该漏洞源于低权限账户可以访问Kubernetes会话功能并操纵kubeconfig文件,可能导致拦截和捕获Kubernetes集群令牌。
CVSS Information
N/A
Vulnerability Type
N/A