CVE-2023-43651

moderate-risk

Published 2023-09-27

JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the system. Through the WEB CLI interface provided by the koko component, a user logs into the authorized mongoDB database and exploits the MongoDB session to execute arbitrary commands. This vulnerability has been addressed in versions 2.28.20 and 3.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Do I need to act?

13.9% chance of exploitation in next 30 days

EPSS score — higher than 86% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.5/10 High

NETWORK / HIGH complexity

Affected Products (1)

Jumpserver

Affected Vendors

Fit2Cloud

References (3)

Exploit https://github.com/jumpserver/jumpserver/security/advisories/GHSA-4r5x-x283-wm96

https://www.sonarsource.com/blog/diving-into-jumpserver-attackers-gateway-to-int...

Exploit https://github.com/jumpserver/jumpserver/security/advisories/GHSA-4r5x-x283-wm96

/ 100

moderate-risk

Severity 25/34 · High

Exploitability 12/34 · Low

Exposure 5/34 · Minimal