Overview Recently, NSFOCUS CERT detected that JumpServer issued a security bulletin to fix the JumpServer connection token improper authentication vulnerability (CVE-2025-62712); Due to improper authentication of JumpServer's /api/v1/authentication/super-connection-token/hyper-connected endpoint, attackers with low-privilege accounts can obtain the connection tokens of all system users and connect to managed assets as them, thereby...
Tag: JumpServer
JumpServer Remote Code Execution Vulnerability (CVE-2024-29201/CVE-2024-29202) Notice
Overview Recently, NSFOCUS CERT detected that JumpServer issued a security announcement and fixed two remote code execution vulnerabilities. At present, the PoC of the vulnerability has been made public. Affected users should take protective measures as soon as possible. CVE-2024-29201: Since the Ansible module in JumpServer does not perform complete...
JumpServer Remote Command Execution Vulnerability Threat Alert
Overview On January 15, 2021, Beijing time, JumpServer released an emergency bulletin to announce a remote command execution vulnerability in its bastion host and advised users to fix it as soon as possible, especially those whose JumpServer can be accessed via the Internet. (more…)
