
fit2cloud jumpserver

25 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-31864
< 3.10.22
JumpServer is an open source bastion host and an operation and maintenance security audit system. a Server-Side Template Injection
6.8 MEDIUM
CVE-2026-31798
< 4.10.16
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts, JumpServe
5.0 MEDIUM
CVE-2025-58044
< 3.10.19
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, T
6.1 MEDIUM
CVE-2025-62795
< 3.10.21
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.21-lts and v4.10.
7.1 HIGH
CVE-2025-62712
< 3.10.20
JumpServer is an open source bastion host and an operation and maintenance security audit system. In JumpServer versions prior to
9.6 CRITICAL
CVE-2025-27095
< 3.10.18
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to 4.8.0 and 3.10.18, an a
4.3 MEDIUM
CVE-2024-40629
>= 3.0.0 and < 3.10.12
JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure a
10.0 CRITICAL
CVE-2024-40628
>= 3.0.0 and < 3.10.12
JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure a
10.0 CRITICAL
CVE-2024-29202
>= 3.0.0 and < 3.10.7
JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 t
9.9 CRITICAL
CVE-2024-29201
>= 3.0.0 and < 3.10.7
JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input v
9.9 CRITICAL
CVE-2024-29024
>= 3.0.0 and < 3.10.6
JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploi
4.6 MEDIUM
CVE-2024-29020
>= 3.0.0 and < 3.10.6
JumpServer is an open source bastion host and an operation and maintenance security audit system. An authorized attacker can obtai
4.6 MEDIUM
CVE-2024-24763
< 3.10.0
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to version 3.10.0, attacke
4.3 MEDIUM
CVE-2023-48193
all versions
Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing th
9.8 CRITICAL
CVE-2023-46138
< 3.8.0
JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to ver
3.7 LOW
CVE-2023-46123
< 3.8.0
jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A s
5.3 MEDIUM
CVE-2023-43651
>= 2.0.0 and < 2.28.20
JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitr
8.5 HIGH
CVE-2023-42818
< 3.5.6
JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does
5.4 MEDIUM
CVE-2023-43652
>= 2.0.0 and < 2.28.20
JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a usern
8.2 HIGH
CVE-2023-43650
>= 2.0.0 and < 2.28.20
JumpServer is an open source bastion host. The verification code for resetting user's password is vulnerable to brute-force attack
8.2 HIGH
CVE-2023-42820
>= 2.24.0 and < 2.28.19
JumpServer is an open source bastion host. This vulnerability is due to exposing the random number seed to the API, potentially al
7.0 HIGH
CVE-2023-42819
>= 3.0.0 and < 3.6.5
JumpServer is an open source bastion host. Logged-in users can access and modify the contents of any file on the system. A user ca
8.9 HIGH
CVE-2023-42442
>= 3.0.0 and < 3.5.5
JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version
8.2 HIGH
CVE-2023-28110
< 2.28.8
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring c
5.7 MEDIUM
CVE-2021-3169
>= 2.4.0 and < 2.4.5
An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which
9.8 CRITICAL