CVE-2023-48193

CRITICAL

JumpServer 3.8.0 - Insecure Permissions and Arbitrary Code Execution via Command Filtering Bypass

Title source: llm
STIX 2.1

Description

Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. NOTE: this is disputed because command filtering is not intended to restrict what code can be run by authorized users who are allowed to execute files.

Scores

CVSS v3 9.8
EPSS 0.0196
EPSS Percentile 78.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (1)
fit2cloud/jumpserver 3.8.0
Published Nov 28, 2023
Tracked Since Feb 18, 2026