
jumpserver — Vulnerabilities & Security Advisories 23

Browse all 23 CVE security advisories affecting jumpserver. AI-powered Chinese analysis, POCs, and references for each vulnerability.

JumpServer is an open-source bastion host platform designed for IT asset management and privileged access control, primarily serving enterprise environments requiring secure remote administration. Historically, its codebase has exhibited vulnerabilities typical of complex web applications, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL injection. Recent records indicate approximately 23 Common Vulnerabilities and Exposures (CVEs), with notable instances involving authentication bypasses and privilege escalation flaws that allowed unauthorized access to sensitive system resources. These issues often stem from improper input validation and inadequate session management within the web interface. While the platform provides essential auditing and compliance features, the frequency of disclosed exploits highlights the challenges of maintaining security in rapidly evolving open-source infrastructure tools. Administrators must prioritize regular patching and strict configuration hardening to mitigate these persistent risks and ensure the integrity of managed assets.

Found 23 results. Product: jumpserver (all entries).

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-31864 | JumpServer has a Server-Side Template Injection Leading to RCE via YAML Rendering | CWE-1336 | 6.8 | Medium | 2026-03-13 |
| CVE-2026-31798 | JumpServer Improper Certificate Validation in Custom SMS API Client | CWE-295 | 5.0 | Medium | 2026-03-13 |
| CVE-2025-58044 | JumpServer has an Open Redirect Vulnerability | CWE-601 | 6.1 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-62795 | JumpServer Unauthorized LDAP Configuration Access via WebSocket | CWE-863 | 7.1 | High | 2025-10-30 |
| CVE-2025-62712 | JumpServer Connection Token Leak Vulnerability | CWE-862 | 9.6 | Critical | 2025-10-30 |
| CVE-2025-27095 | JumpServer has a Kubernetes Token Leak Vulnerability | CWE-266 | 4.3 | Medium | 2025-03-31 |
| CVE-2024-40628 | Arbitrary File Read in Ansible Playbooks in Jumpserver | CWE-22 | 10.0 | Critical | 2024-07-18 |
| CVE-2024-40629 | Arbitrary File Write in Ansible Playbooks leads to RCE in Jumpserver | CWE-22 | 10.0 | Critical | 2024-07-18 |
| CVE-2024-29202 | JumpServer vulnerable to Jinja2 template injection in Ansible leads to RCE in Celery | CWE-94 | 10.0 | Critical | 2024-03-29 |
| CVE-2024-29201 | JumpServer's insecure Ansible playbook validation leads to RCE in Celery | CWE-94 | 10.0 | Critical | 2024-03-29 |
| CVE-2024-29020 | JumpServer allows an authorized attacker to get sensitive information in playbook files when playbook_id is leaked | CWE-639 | 4.6 | Medium | 2024-03-29 |
| CVE-2024-29024 | JumpServer Direct Object Reference (IDOR) Vulnerability in File Manager Bulk Transfer Functionality | CWE-639 | 4.6 | Medium | 2024-03-29 |
| CVE-2024-24763 | JumpServer Open Redirect Vulnerability | CWE-601 | 4.3 | Medium | 2024-02-20 |
| CVE-2023-46138 | JumpServer default admin user email leak password reset | CWE-640 | 3.7 | Low | 2023-10-30 |
| CVE-2023-46123 | jumpserver is vulnerable to password brute-force protection bypass via arbitrary IP values | CWE-307 | 5.3 | Medium | 2023-10-25 |
| CVE-2023-42818 | SSH public key login without private key challenge if MFA is enabled in jumpserver | CWE-287 | 5.4 | Medium | 2023-09-27 |
| CVE-2023-43651 | Remote code execution on the host system via MongoDB shell in jumpserver | CWE-94 | 8.6 | High | 2023-09-27 |
| CVE-2023-43650 | Non-MFA account takeover via brute-force attack on weak password reset code in jumpserver | CWE-640 | 8.2 | High | 2023-09-27 |
| CVE-2023-43652 | Non-MFA account takeover via using only SSH public key to login in jumpserver | CWE-862 | 8.2 | High | 2023-09-27 |
| CVE-2023-42819 | Path traversal in Jumpserver | CWE-22 | 8.9 | High | 2023-09-26 |
| CVE-2023-42820 | Random seed leakage in Jumpserver | CWE-200 | 7.0 | High | 2023-09-26 |
| CVE-2023-42442 | JumpServer session replays download without authentication | CWE-287 | 8.2 | High | 2023-09-15 |
| CVE-2023-28110 | JumpServer Koko vulnerable to Command Injection for Kubernetes Connection | CWE-77 | 5.7 | Medium | 2023-03-16 |

This page lists every published CVE security advisory associated with jumpserver. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.