CVE-2023-48193
CRITICALJumpServer 3.8.0 - Insecure Permissions and Arbitrary Code Execution via Command Filtering Bypass
Title source: llmDescription
Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. NOTE: this is disputed because command filtering is not intended to restrict what code can be run by authorized users who are allowed to execute files.
References (5)
Core 5
Core References
Product
http://jumpserver.com
Exploit, Third Party Advisory
https://github.com/296430468/lcc_test/blob/main/jumpserver_BUG.md
Issue Tracking
https://github.com/jumpserver/jumpserver/issues/13394
Scores
CVSS v3
9.8
EPSS
0.0196
EPSS Percentile
78.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (1)
fit2cloud/jumpserver
3.8.0
Published
Nov 28, 2023
Tracked Since
Feb 18, 2026