
jumpserver — Vulnerabilities & Security Advisories 23

Browse all 23 CVE security advisories affecting jumpserver. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by jumpserver: jumpserver
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-31864 | JumpServer has a Server-Side Template Injection Leading to RCE via YAML Rendering | jumpserver | CWE-1336 | 6.8 | Medium | 2026-03-13 |
| CVE-2026-31798 | JumpServer Improper Certificate Validation in Custom SMS API Client | jumpserver | CWE-295 | 5.0 | Medium | 2026-03-13 |
| CVE-2025-58044 | JumpServer has an Open Redirect Vulnerability | jumpserver | CWE-601 | 6.1 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-62795 | JumpServer Unauthorized LDAP Configuration Access via WebSocket | jumpserver | CWE-863 | 7.1 | High | 2025-10-30 |
| CVE-2025-62712 | JumpServer Connection Token Leak Vulnerability | jumpserver | CWE-862 | 9.6 | Critical | 2025-10-30 |
| CVE-2025-27095 | JumpServer has a Kubernetes Token Leak Vulnerability | jumpserver | CWE-266 | 4.3 | Medium | 2025-03-31 |
| CVE-2024-40628 | Arbitrary File Read in Ansible Playbooks in Jumpserver | jumpserver | CWE-22 | 10.0 | Critical | 2024-07-18 |
| CVE-2024-40629 | Arbitrary File Write in Ansible Playbooks leads to RCE in Jumpserver | jumpserver | CWE-22 | 10.0 | Critical | 2024-07-18 |
| CVE-2024-29202 | JumpServer vulnerable to Jinja2 template injection in Ansible leads to RCE in Celery | jumpserver | CWE-94 | 10.0 | Critical | 2024-03-29 |
| CVE-2024-29201 | JumpServer's insecure Ansible playbook validation leads to RCE in Celery | jumpserver | CWE-94 | 10.0 | Critical | 2024-03-29 |
| CVE-2024-29020 | JumpServer allows an authorized attacker to get sensitive information in playbook files when playbook_id is leaked | jumpserver | CWE-639 | 4.6 | Medium | 2024-03-29 |
| CVE-2024-29024 | JumpServer Direct Object Reference (IDOR) Vulnerability in File Manager Bulk Transfer Functionality | jumpserver | CWE-639 | 4.6 | Medium | 2024-03-29 |
| CVE-2024-24763 | JumpServer Open Redirect Vulnerability | jumpserver | CWE-601 | 4.3 | Medium | 2024-02-20 |
| CVE-2023-46138 | JumpServer default admin user email leak password reset | jumpserver | CWE-640 | 3.7 | Low | 2023-10-30 |
| CVE-2023-46123 | jumpserver is vulnerable to password brute-force protection bypass via arbitrary IP values | jumpserver | CWE-307 | 5.3 | Medium | 2023-10-25 |
| CVE-2023-42818 | SSH public key login without private key challenge if mfa is enabled in jumpserver | jumpserver | CWE-287 | 5.4 | Medium | 2023-09-27 |
| CVE-2023-43651 | Remote code execution on the host system via MongoDB shell in jumpserver | jumpserver | CWE-94 | 8.6 | High | 2023-09-27 |
| CVE-2023-43650 | Non-MFA account takeover via brute-force attack on weak password reset code in jumpserver | jumpserver | CWE-640 | 8.2 | High | 2023-09-27 |
| CVE-2023-43652 | Non-MFA account takeover via using only SSH public key to login in jumpserver | jumpserver | CWE-862 | 8.2 | High | 2023-09-27 |
| CVE-2023-42819 | Path traversal in Jumpserver | jumpserver | CWE-22 | 8.9 | High | 2023-09-26 |
| CVE-2023-42820 | Random seed leakage in Jumpserver | jumpserver | CWE-200 | 7.0 | High | 2023-09-26 |
| CVE-2023-42442 | JumpServer session replays download without authentication | jumpserver | CWE-287 | 8.2 | High | 2023-09-15 |
| CVE-2023-28110 | JumpServer Koko vulnerable to Command Injection for Kubernetes Connection | jumpserver | CWE-77 | 5.7 | Medium | 2023-03-16 |

This page lists every published CVE security advisory associated with jumpserver. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.