Main Vulnerability Database Exploits ID:10448 - Exploit for Improper Authentication in JumpServer - CVE-2023-42442

ID:10448 - Exploit for Improper Authentication in JumpServer - CVE-2023-42442

Published: August 30, 2024

Vulnerability identifier: #VU80928

Vulnerability risk: High

CVE-ID: CVE-2023-42442

CWE-ID: CWE-287

Exploitation vector: Remote access

Vulnerable software:
JumpServer

Link to public exploit:

https://github.com/C1ph3rX13/CVE-2023-42442

Vulnerability description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the session replays can be downloaded without authentication within the /api/v1/terminal/sessions/ API. A remote attacker can bypass authentication process and perform a denial of service (DoS) attack.

Remediation

Install updates from vendor's website.

ID:10448 - Exploit for Improper Authentication in JumpServer - CVE-2023-42442

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human