Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
JumpServer Improper Certificate Validation in Custom SMS API Client
Vulnerability Description
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts, JumpServer improperly validates certificates in the Custom SMS API Client. When JumpServer sends MFA/OTP codes via Custom SMS API, an attacker can intercept the request and capture the verification code BEFORE it reaches the user's phone. This vulnerability is fixed in v4.10.16-lts.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
证书验证不恰当
Vulnerability Title
JumpServer 信任管理问题漏洞
Vulnerability Description
JumpServer是中国杭州飞致云信息科技(JumpServer)公司的一款开源堡垒机。 JumpServer v4.10.16-lts之前版本存在信任管理问题漏洞,该漏洞源于自定义短信API客户端证书验证不当,可能导致攻击者拦截请求并获取验证码。
CVSS Information
N/A
Vulnerability Type
N/A