JumpServer CVE-2024-40628 CVE-2024-40629

JumpServer File Read and Upload Vulnerability (CVE-2024-40628/CVE-2024-40629) Notification

July 19, 2024

Overview

Recently, NSFOCUS CERT detected that JumpServer issued a security announcement and fixed the file read and upload vulnerabilities in JumpServer (CVE-2024-40628/CVE-2024-40629). Due to improper permission configuration of the Ansible module in JumpServer, an attacker with a low-privilege account can use an Ansible playbook to read arbitrary files in the celery container, resulting in disclosure […]
