CVE-2024-29202

high-risk

Published 2024-03-29

JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has database access, attackers could steal sensitive information from all hosts or manipulate the database. This vulnerability is fixed in v3.10.7.

Do I need to act?

81.2% chance of exploitation in next 30 days

EPSS score — higher than 19% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Fix available

Upgrade to: 4f34ce5edb6be43fe01468faad4f158a82a08dce

CVSS 9.9/10 Critical

NETWORK / LOW complexity

Affected Products (1)

Jumpserver

Affected Vendors

Fit2Cloud

References (3)

Exploit https://github.com/jumpserver/jumpserver/security/advisories/GHSA-2vvr-vmvx-73ch

https://www.sonarsource.com/blog/diving-into-jumpserver-attackers-gateway-to-int...

Exploit https://github.com/jumpserver/jumpserver/security/advisories/GHSA-2vvr-vmvx-73ch

/ 100

high-risk

Severity 33/34 · Critical

Exploitability 20/34 · Moderate

Exposure 5/34 · Minimal