CVE-2024-24763

moderate-risk

Published 2024-02-20

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to version 3.10.0, attackers can exploit this vulnerability to construct malicious links, leading users to click on them, thereby facilitating phishing attacks or cross-site scripting attacks. Version 3.10.0 contains a patch for this issue. No known workarounds are available.

Do I need to act?

30.7% chance of exploitation in next 30 days

EPSS score — higher than 69% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.3/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Jumpserver

Affected Vendors

Fit2Cloud

References (4)

Release Notes https://github.com/jumpserver/jumpserver/releases/tag/v3.10.0

Vendor Advisory https://github.com/jumpserver/jumpserver/security/advisories/GHSA-p2mq-cm25-g4m5

Release Notes https://github.com/jumpserver/jumpserver/releases/tag/v3.10.0

Vendor Advisory https://github.com/jumpserver/jumpserver/security/advisories/GHSA-p2mq-cm25-g4m5

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 16/34 · Moderate

Exposure 5/34 · Minimal