ByteOS Network

NVD Vulnerability Details :

CVE-2023-48193

Modified

Source-cve@mitre.org

Published At-28 Nov, 2023 | 21:15

Updated At-02 Aug, 2024 | 22:15

Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. NOTE: this is disputed because command filtering is not intended to restrict what code can be run by authorized users who are allowed to execute files.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CPE Matches

FIT2CLOUD Inc.

>>jumpserver>>3.8.0

cpe:2.3:a:fit2cloud:jumpserver:3.8.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://jumpserver.com	cve@mitre.org	Product
https://blog.fit2cloud.com/?p=8cf83cd9-c23b-4625-9350-38926fb7f88e	cve@mitre.org	N/A
https://github.com/296430468/lcc_test/blob/main/jumpserver_BUG.md	cve@mitre.org	Exploit Third Party Advisory
https://github.com/jumpserver/jumpserver	cve@mitre.org	Product
https://github.com/jumpserver/jumpserver/issues/13394	cve@mitre.org	N/A