CVE-2023-42819 - JumpServer Directory Traversal Vulnerability Allows Unauthorized Access and Modification of Files

Introduction: JumpServer, the open source bastion host, has a critical vulnerability that allows logged-in users to access and modify the contents of any file on the system. This article describes the exploit and how it works, lists the original references, and gives advice on how to mitigate the issue.

Exploit Details: The exploit relies on a directory traversal flaw in JumpServer's 'Job-Template' menu. After creating a playbook named 'test' and getting the playbook id (e.g., 'eadabef-c38f-492d-bd92-832bacc3df5f') from the detail page, a logged-in attacker can request the URL below, in which the 'key' parameter uses '../' sequences to reach a file outside the intended directory (here /etc/passwd) and retrieve its contents:

https://jumpserver-ip/api/v1/ops/playbook/eadabef-c38f-492d-bd92-832bacc3df5f/file/?key=../../../../../../../etc/passwd

Using a similar method, the attacker can also modify the file contents.
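
For reviewing web access logs on an instance that ran a version before the fix, the following added example (not part of the original article or of JumpServer's code) flags requests to the playbook file endpoint whose 'key' value resolves outside a base directory, including nested percent-encoding. The combined-style log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint shape taken from the advisory URL: /api/v1/ops/playbook/<id>/file/
ENDPOINT = re.compile(r"^/api/v1/ops/playbook/([0-9a-fA-F-]+)/file/?$")
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def escapes_base(key: str) -> bool:
    """True if key, resolved against a stand-in base directory, leaves it."""
    for _ in range(3):  # peel up to three layers of percent-encoding
        decoded = unquote(key)
        if decoded == key:
            break
        key = decoded
    key = key.replace("\\", "/")
    resolved = posixpath.normpath(posixpath.join("/pb", key))
    return not (resolved == "/pb" or resolved.startswith("/pb/"))

def find_traversal(lines):
    """Return (method, playbook_id, key) for each request that escapes."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        ep = ENDPOINT.match(url.path)
        if not ep:
            continue
        for key in parse_qs(url.query).get("key", []):
            if escapes_base(key):
                hits.append((m.group("method"), ep.group(1), key))
    return hits

# Constructed sample log lines (not taken from a real system).
SAMPLE = [
    '10.0.0.5 - - [27/Sep/2023:15:19:00 +0000] "GET /api/v1/ops/playbook/eadabef-c38f-492d-bd92-832bacc3df5f/file/?key=../../../../../../../etc/passwd HTTP/1.1" 200 1843',
    '10.0.0.5 - - [27/Sep/2023:15:20:11 +0000] "GET /api/v1/ops/playbook/eadabef-c38f-492d-bd92-832bacc3df5f/file/?key=main.yml HTTP/1.1" 200 212',
    '10.0.0.7 - - [27/Sep/2023:15:21:40 +0000] "GET /api/v1/ops/playbook/eadabef-c38f-492d-bd92-832bacc3df5f/file/?key=roles/../main.yml HTTP/1.1" 200 212',
    '10.0.0.9 - - [27/Sep/2023:15:22:02 +0000] "GET /api/v1/ops/playbook/eadabef-c38f-492d-bd92-832bacc3df5f/file/?key=%252e%252e%252fapp.yml HTTP/1.1" 200 17',
]

if __name__ == "__main__":
    for hit in find_traversal(SAMPLE):
        print(hit)
```

The HTTP method is reported with each hit because the advisory states that files can be modified as well as read, so non-GET matches deserve the closest review.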

Mitigation: The issue has been addressed in JumpServer version 3.6.5. Users are advised to upgrade immediately to prevent any unauthorized access or modification. There are no known workarounds for this vulnerability; upgrading to the latest version is the only solution.

References

1. JumpServer GitHub Repository
2. JumpServer Version 3.6.5 Release Notes
3. CVE (Common Vulnerabilities and Exposures) details page for CVE-2023-42819

Conclusion: The directory traversal vulnerability in JumpServer is a serious issue that puts the entire system at risk. Users should upgrade to version 3.6.5 as soon as possible to protect against unauthorized access and modification of files. Stay updated with the latest security patches and keep an eye on the JumpServer GitHub repository for any further updates and releases.

Timeline

Published on: 09/27/2023 15:19:00 UTC
Last modified on: 09/29/2023 14:42:00 UTC