Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
JumpServer has a Server-Side Template Injection Leading to RCE via YAML Rendering
Vulnerability Description
JumpServer is an open source bastion host and an operation and maintenance security audit system. a Server-Side Template Injection (SSTI) vulnerability exists in JumpServer's Applet and VirtualApp upload functionality. This vulnerability can only be exploited by users with administrative privileges (Application Applet Management or Virtual Application Management permissions). Attackers can exploit this vulnerability to execute arbitrary code within the JumpServer Core container. The vulnerability arises from unsafe use of Jinja2 template rendering when processing user-uploaded YAML configuration files. When a user uploads an Applet or VirtualApp ZIP package, the manifest.yml file is rendered through Jinja2 without sandbox restrictions, allowing template injection attacks.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
CWE-1336
Vulnerability Title
JumpServer 安全漏洞
Vulnerability Description
JumpServer是中国杭州飞致云信息科技(JumpServer)公司的一款开源堡垒机。 JumpServer存在安全漏洞,该漏洞源于Applet和VirtualApp上传功能中Jinja2模板渲染使用不安全,可能导致具有管理权限的攻击者执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A