SB2023092767 - Multiple vulnerabilities in JumpServer

Published: September 27, 2023 Updated: April 27, 2026

Security Bulletin ID: SB2023092767
CSH Severity: High
Patch available: YES
Number of vulnerabilities: 3
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 33% (1 of 3), Medium: 67% (2 of 3)

Description

This security bulletin contains information about 3 vulnerabilities.


1) Improper access control (CVE-ID: CVE-2023-43651)

The vulnerability allows a remote user to execute arbitrary code on the host system.

The vulnerability exists due to improper access control in the MongoDB shell session exposed through the web CLI interface when handling authenticated MongoDB shell access. A remote user can run arbitrary commands in the MongoDB session and thereby execute arbitrary code on the host system.

The issue may be leveraged to gain root privileges on the host system.


2) Improper Authentication (CVE-ID: CVE-2023-43652)

The vulnerability allows a remote attacker to gain access to the current user's information and authorized actions.

The vulnerability exists due to improper authentication in the authentication token API for the KoKo component when handling SSH public key login validation requests. A remote attacker can submit a username and a leaked SSH public key to gain access to the current user's information and authorized actions.

The API does not verify the source of requests before generating a personal authentication token.


3) Improper Restriction of Excessive Authentication Attempts (CVE-ID: CVE-2023-43650)

The vulnerability allows a remote attacker to take over accounts.

The vulnerability exists due to improper restriction of excessive authentication attempts in the password reset verification code mechanism when validating password reset codes. Because the number of failed attempts is not limited, a remote attacker can brute-force the 6-digit verification code and take over accounts.

The issue affects password reset flows for users who do not use multi-factor authentication; the verification code is valid for 1 minute.
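The mitigation for a weakness of this kind is to bound the number of guesses a single code will accept, independently of its short lifetime. The following is an added illustration written for this bulletin, not JumpServer's code: a small reset-code store that issues a 6-digit code, enforces the 1-minute validity described above, compares in constant time, and invalidates the code after a fixed number of failed attempts (the attempt limit of 5 and the names `ResetCodeStore`, `issue` and `verify` are assumptions for the example).

```python
"""Reset-code verification with expiry and an attempt cap (illustrative, not JumpServer code)."""
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

CODE_TTL_SECONDS = 60   # validity window stated in the bulletin
MAX_ATTEMPTS = 5        # assumed cap; one code survives at most this many wrong guesses


@dataclass
class ResetChallenge:
    code: str          # a real deployment would store a hash rather than the code itself
    issued_at: float
    attempts: int = 0


class ResetCodeStore:
    """Keeps one outstanding reset challenge per user, keyed by user id."""

    def __init__(self, clock: Callable[[], float] = time.monotonic) -> None:
        self._clock = clock                      # injectable for deterministic tests
        self._challenges: Dict[str, ResetChallenge] = {}

    def issue(self, user_id: str) -> str:
        """Generate a fresh 6-digit code from a CSPRNG and replace any older one."""
        code = f"{secrets.randbelow(10 ** 6):06d}"
        self._challenges[user_id] = ResetChallenge(code=code, issued_at=self._clock())
        return code

    def verify(self, user_id: str, submitted: str) -> bool:
        """Return True exactly once for the correct, unexpired code.

        Every call counts as an attempt; after MAX_ATTEMPTS failures the code is
        discarded, so an attacker cannot cycle through the 10**6 possibilities
        within the validity window. Expired codes are discarded on first use.
        """
        challenge: Optional[ResetChallenge] = self._challenges.get(user_id)
        if challenge is None:
            return False
        if self._clock() - challenge.issued_at > CODE_TTL_SECONDS:
            del self._challenges[user_id]
            return False
        challenge.attempts += 1
        # Constant-time comparison avoids leaking how many leading digits matched.
        matched = hmac.compare_digest(challenge.code.encode(), submitted.encode())
        if matched:
            del self._challenges[user_id]     # single use: a code is consumed on success
            return True
        if challenge.attempts >= MAX_ATTEMPTS:
            del self._challenges[user_id]     # lock out; the user must request a new code
        return False

    def pending(self, user_id: str) -> bool:
        """Whether a challenge is still outstanding for the user (for the checks below)."""
        return user_id in self._challenges


if __name__ == "__main__":
    store = ResetCodeStore()
    code = store.issue("alice")
    wrong = "000000" if code != "000000" else "000001"
    for _ in range(MAX_ATTEMPTS):
        print("wrong guess accepted?", store.verify("alice", wrong))
    print("correct code after lockout accepted?", store.verify("alice", code))
```

Both controls matter together: the 1-minute lifetime alone leaves room for many thousands of guesses from a fast client, while the attempt cap limits a single code to a handful regardless of client speed. In a multi-process deployment the store would live in a shared backend (database or cache) so the counter cannot be reset by spreading requests across workers.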


Remediation

Install the update from the vendor's website.