SB20240718204 - Multiple vulnerabilities in JumpServer
Published: July 18, 2024 Updated: April 27, 2026
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Improper access control (CVE-ID: CVE-2024-40628)
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to improper access control in the Ansible playbook feature of the Job Center when executing a crafted playbook template. A remote user can create and run a malicious playbook template to disclose sensitive information.
Exploitation requires access to at least one host and access to the Job Center feature.
2) Improper access control (CVE-ID: CVE-2024-40629)
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to improper access control in the Ansible playbook feature when creating and running playbook templates through the Job Center. A remote user can write arbitrary files in the Celery container to execute arbitrary code.
Exploitation requires access to at least one host and access to the Job Center feature. The Celery container runs as root and has database access.
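Both findings come down to the same control gap: a playbook template submitted through the Job Center is handed to the runner (the Celery container, running as root) without a policy check on what the template is allowed to do, so a template can read controller-side files or write files on the controller rather than only on the managed hosts. The following is an added example written for this bulletin, not JumpServer's own code: a pre-execution policy check that takes a playbook already parsed into Python lists and dicts (the shape `yaml.safe_load` returns) and rejects plays or tasks that run on the controller itself, use command-execution modules, write outside an assumed allowed tree `/srv/managed/`, or evaluate controller-side lookups. The policy values, module lists and sample playbooks are constructed for the example.

```python
"""Pre-execution policy check for Ansible playbook templates.

Hypothetical defender-side control (example code, not JumpServer's own). Input is
a playbook parsed into Python lists/dicts (what yaml.safe_load returns); output
is a list of findings explaining why the template must not reach the job runner.
"""
import posixpath
import re
import shlex

# Assumed policy values, constructed for this example.
ALLOWED_WRITE_PREFIXES = ("/srv/managed/",)   # the only tree a template may write into
FORBIDDEN_MODULES = {"shell", "command", "raw", "script", "slurp", "fetch"}
WRITE_MODULES = {"copy", "template", "file", "lineinfile", "blockinfile", "get_url"}
CONTROLLER_HOSTS = {"localhost", "127.0.0.1", "::1"}
NESTED = ("block", "rescue", "always")
# Task-level keywords that can never be the module name.
TASK_KEYWORDS = {
    "name", "when", "loop", "with_items", "become", "become_user", "delegate_to",
    "connection", "local_action", "vars", "register", "tags", "args", "notify",
    "ignore_errors", "changed_when", "failed_when", "environment", "run_once",
    "no_log", "until", "retries", "delay", *NESTED,
}
# Jinja lookups that read files or the environment on the controller itself.
CONTROLLER_LOOKUP_RE = re.compile(
    r"\b(lookup|query)\s*\(\s*['\"](file|pipe|env|fileglob|lines|csvfile|ini)['\"]", re.I)


def _strings(obj):
    """Yield every string nested anywhere inside a parsed YAML value."""
    if isinstance(obj, str):
        yield obj
    elif isinstance(obj, dict):
        for key, value in obj.items():
            yield from _strings(key)
            yield from _strings(value)
    elif isinstance(obj, (list, tuple)):
        for value in obj:
            yield from _strings(value)


def _module_and_args(task):
    """Return (short module name, args dict) for a task, or (None, {}) for a block."""
    for key, value in task.items():
        if key in TASK_KEYWORDS:
            continue
        name = key.rsplit(".", 1)[-1]            # ansible.builtin.copy -> copy
        if isinstance(value, dict):
            return name, value
        if isinstance(value, str):               # legacy "copy: src=a dest=b" form
            return name, dict(tok.split("=", 1) for tok in shlex.split(value) if "=" in tok)
        return name, {}
    return None, {}


def _iter_tasks(items):
    """Yield every task (and every block) in order, descending into nested sections."""
    for task in items or []:
        if isinstance(task, dict):
            yield task
            for section in NESTED:
                yield from _iter_tasks(task.get(section))


def check_playbook(plays):
    """Return human-readable findings; an empty list means the playbook passes."""
    findings = []
    for index, play in enumerate(plays):
        label = play.get("name") or f"play #{index}"
        if str(play.get("hosts", "")).lower() in CONTROLLER_HOSTS or play.get("connection") == "local":
            findings.append(f"{label}: play runs on the controller host itself")
        tasks = [t for s in ("pre_tasks", "tasks", "post_tasks", "handlers") for t in (play.get(s) or [])]
        for task in _iter_tasks(tasks):
            tname = task.get("name") or "unnamed task"
            if (str(task.get("delegate_to", "")).lower() in CONTROLLER_HOSTS
                    or task.get("connection") == "local" or "local_action" in task):
                findings.append(f"{tname}: task is delegated to the controller host")
            module, args = _module_and_args(task)
            if module in FORBIDDEN_MODULES:
                findings.append(f"{tname}: module '{module}' is not allowed in templates")
            elif module in WRITE_MODULES:
                dest = str(args.get("dest") or args.get("path") or "")
                target = posixpath.normpath(dest) if dest else ""   # collapses ../ segments
                if "{{" in dest or not target.startswith(ALLOWED_WRITE_PREFIXES):
                    findings.append(f"{tname}: module '{module}' writes to '{target}' outside {ALLOWED_WRITE_PREFIXES}")
            own = {k: v for k, v in task.items() if k not in NESTED}   # nested tasks are checked on their own
            if any(CONTROLLER_LOOKUP_RE.search(s) for s in _strings(own)):
                findings.append(f"{tname}: lookup reads files or environment on the controller")
    return findings


# Constructed sample input, in the shape yaml.safe_load gives for a playbook.
ALLOWED_PLAYBOOK = [{"name": "Deploy app config", "hosts": "webservers", "tasks": [
    {"name": "Install config",
     "ansible.builtin.template": {"src": "app.conf.j2", "dest": "/srv/managed/app.conf"}},
    {"name": "Restart service", "ansible.builtin.service": {"name": "app", "state": "restarted"}},
]}]
REJECTED_PLAYBOOK = [{"name": "Looks routine", "hosts": "webservers", "tasks": [
    {"name": "Write outside the managed tree", "delegate_to": "localhost",
     "copy": "content=hello dest=/srv/managed/../opt/example.txt"},
    {"name": "Read a controller file",
     "ansible.builtin.debug": {"msg": "{{ lookup('file', '/etc/example.conf') }}"}},
    {"name": "Run a command", "ansible.builtin.shell": "uptime"},
]}]

if __name__ == "__main__":
    for finding in check_playbook(REJECTED_PLAYBOOK):
        print("REJECT:", finding)
    print("allowed playbook passes:", check_playbook(ALLOWED_PLAYBOOK) == [])
```

The check is deliberately structural rather than string-based: module names are resolved after stripping the `ansible.builtin.` collection prefix, legacy `key=value` argument strings are parsed the same way as dict arguments, destination paths are normalised before the prefix comparison so `..` segments cannot escape the allowed tree, templated destinations are rejected outright because their value is only known at run time, and `delegate_to`/`connection` are inspected on blocks as well as tasks because a block-level delegation applies to everything inside it. Allowlisting modules (rather than only forbidding a few) would be the stricter design; the forbidden set here keeps the example readable.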
Remediation
Install the update from the vendor's website.