JumpServer File Read and Upload Vulnerability (CVE-2024-40628/CVE-2024-40629) Notification
Overview Recently, NSFOCUS CERT detected that JumpServer issued a security announcement and fixed the file reading and uploading vulnerabilities in JumpServer (CVE-2024-40628/CVE-2024-40629). Due to improper permission configuration of the Ansible module in JumpServer, an attacker with a low-privilege account can use the ansible playbook to read arbitrary files in the celery container, resulting in disclosure […]