#VU128123 Improper access control in JumpServer - CVE-2024-40628

 


Published: July 18, 2024 / Updated: April 27, 2026


Vulnerability identifier: #VU128123
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-40628
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: JumpServer
Software vendor: JumpServer

Description

The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to improper access control in the Ansible playbook Job Center feature when executing a crafted playbook template. A remote user can create and run a malicious playbook template to disclose sensitive information.

Exploitation requires access to at least one host and access to the Job Center feature.


Remediation

Install the security update from the vendor's website.
