SB2023092675 - Multiple vulnerabilities in JumpServer
Published: September 26, 2023 Updated: April 27, 2026
Description
This security bulletin contains information about 2 vulnerabilities.
1) Path traversal (CVE-ID: CVE-2023-42819)
The vulnerability allows a remote authenticated user to read and modify arbitrary files on the system.
The vulnerability exists due to insufficient validation of the file path parameter in the playbook file upload API endpoint. A remote authenticated user can send a specially crafted request containing path traversal sequences to read and modify arbitrary files on the system.
Exploitation requires an account that can create a playbook: the attacker must first create one and obtain its identifier to reach the affected endpoint.
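The following is an added illustration of the class of bug described above and of the containment check that prevents it; it is not JumpServer's code, and the directory layout and key parameter are assumptions. The unsafe resolver joins the user-controlled key into the playbook directory as-is, so traversal sequences and absolute paths escape it; the hardened resolver canonicalises both paths and rejects any result that does not sit under the playbook directory.

```python
import os


def resolve_unsafe(playbook_dir: str, key: str) -> str:
    """Vulnerable pattern: the user-supplied key is joined straight into the
    playbook directory. '..' segments walk out of it, and an absolute key
    makes os.path.join discard playbook_dir entirely."""
    return os.path.normpath(os.path.join(playbook_dir, key))


def resolve_safe(playbook_dir: str, key: str) -> str:
    """Hardened resolver: canonicalise (symlinks included) and require the
    result to be inside the playbook directory. commonpath is used instead
    of startswith so that a sibling such as '<dir>2' is not accepted."""
    base = os.path.realpath(playbook_dir)
    target = os.path.realpath(os.path.join(base, key))
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"path traversal rejected: {key!r}")
    return target


def is_contained(playbook_dir: str, key: str) -> bool:
    """True if the key resolves inside the playbook directory."""
    try:
        resolve_safe(playbook_dir, key)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs: a hypothetical per-playbook directory and keys an
    # attacker might submit as the file path parameter.
    base = "/srv/playbooks/abcd"
    for key in ("roles/main.yml", "../../../etc/passwd", "/etc/shadow", "../abcd2"):
        print(f"{key!r:28} unsafe -> {resolve_unsafe(base, key)}  contained={is_contained(base, key)}")
```

A check of this shape belongs on every endpoint that maps a request parameter to a filesystem path, for reads and listings as well as uploads; checking only the upload path leaves the disclosure half of the bug in place.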
2) Information disclosure (CVE-ID: CVE-2023-42820)
The vulnerability allows a remote attacker to reset users' passwords.
The vulnerability exists because the random number seed used to generate password reset verification codes is exposed through the API. A remote attacker who obtains the seed can reproduce the verification code issued for a target account and use it to reset that user's password.
Instances with MFA enabled are not affected, nor are deployments that do not use local (password-based) authentication.
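The following added example, not taken from JumpServer, shows why seed exposure is fatal for a verification code: a code drawn from a seedable PRNG is fully determined by the seed, so an attacker who learns the seed computes the same code without ever seeing it. The hardened version draws the code from the operating system's CSPRNG via `secrets`, and the `ResetCodeStore` class (an assumption for illustration) makes each code single-use, bounds guesses, and compares in constant time, which closes the replay and brute-force avenues as well.

```python
import hmac
import random
import secrets
import string

CODE_LEN = 6


def weak_code(seed: int) -> str:
    """Vulnerable pattern: the code is a pure function of a seed. Anyone who
    learns the seed (e.g. because an API response leaks it) reproduces it."""
    rng = random.Random(seed)
    return "".join(rng.choice(string.digits) for _ in range(CODE_LEN))


def attacker_predicts(leaked_seed: int) -> str:
    """What the attacker runs after obtaining the leaked seed."""
    return weak_code(leaked_seed)


def strong_code() -> str:
    """Hardened: draw each digit from the OS CSPRNG; there is no seed to leak."""
    return "".join(secrets.choice(string.digits) for _ in range(CODE_LEN))


class ResetCodeStore:
    """Single-use reset codes with an attempt limit and constant-time compare."""

    def __init__(self, max_attempts: int = 5):
        self._codes: dict[str, list] = {}  # username -> [code, attempts]
        self.max_attempts = max_attempts

    def issue(self, username: str) -> str:
        code = strong_code()
        self._codes[username] = [code, 0]
        return code  # delivered out of band, never returned by the verify API

    def verify(self, username: str, candidate: str) -> bool:
        entry = self._codes.get(username)
        if entry is None:
            return False
        entry[1] += 1
        if entry[1] > self.max_attempts:
            del self._codes[username]  # too many guesses: invalidate the code
            return False
        ok = hmac.compare_digest(entry[0], candidate)
        if ok:
            del self._codes[username]  # single use: a captured code cannot be replayed
        return ok


if __name__ == "__main__":
    leaked = 1694736000  # constructed: a seed value the attacker has observed
    print("server issued:", weak_code(leaked), "attacker predicted:", attacker_predicts(leaked))
    store = ResetCodeStore()
    code = store.issue("alice")
    print("first use:", store.verify("alice", code), "replay:", store.verify("alice", code))
```

The important property is the first one: with `secrets` there is no value an API can leak that lets a third party recompute the code. The single-use and attempt-limit logic is defence in depth against a code that is intercepted or guessed rather than predicted.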
Remediation
Install the update from the vendor's website. Until it is applied, enabling MFA removes exposure to CVE-2023-42820; there is no configuration workaround for CVE-2023-42819 short of restricting which accounts may create playbooks.