ID

VAR-202101-2025


TITLE

Unauthorized File Reading Vulnerability in JumpServer

Trust: 0.6

sources: CNVD: CNVD-2021-20218

DESCRIPTION

JumpServer is the world's first fully open source bastion host. It is released under the GNU GPL v2.0 open source license and is a 4A-compliant professional operations and maintenance audit system. JumpServer has an unauthorized file reading vulnerability: attackers can obtain sensitive information such as log files through carefully constructed requests, and can execute arbitrary commands through related operation APIs.

Trust: 0.6

sources: CNVD: CNVD-2021-20218

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-20218

AFFECTED PRODUCTS

vendor: feizhiyun information
model: jumpserver
scope: gte
version: v2.6.2

Trust: 0.6

vendor: feizhiyun information
model: jumpserver
scope: gte
version: v2.5.4

Trust: 0.6

vendor: feizhiyun information
model: jumpserver
scope: gte
version: v2.4.5

Trust: 0.6

vendor: feizhiyun information
model: jumpserver
scope: eq
version: v1.5.9

Trust: 0.6

sources: CNVD: CNVD-2021-20218

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2021-20218
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2021-20218
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2021-20218

PATCH

title: Patch for Unauthorized File Reading Vulnerability in JumpServer
url: https://www.cnvd.org.cn/patchinfo/show/251336

Trust: 0.6

sources: CNVD: CNVD-2021-20218

EXTERNAL IDS

db: CNVD
id: CNVD-2021-20218

Trust: 0.6

sources: CNVD: CNVD-2021-20218

SOURCES

db: CNVD
id: CNVD-2021-20218

LAST UPDATE DATE

2022-05-04T08:52:18.488000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2021-20218
date: 2021-03-08T00:00:00

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2021-20218
date: 2021-01-17T00:00:00