What is CVE-2023-46123?

CVE-2023-46123 is a vulnerability in the Core API of jumpserver that allows attackers to bypass password brute-force protections.

How can the CVE-2023-46123 vulnerability be exploited?

The CVE-2023-46123 vulnerability can be exploited by spoofing arbitrary IP addresses to bypass password brute-force protections in jumpserver.

What is the affected software version?

The affected software version is Fit2cloud Jumpserver up to and excluding version 3.8.0.

How severe is the CVE-2023-46123 vulnerability?

The CVE-2023-46123 vulnerability has a severity rating of 5.3 (medium).

Vulnerability/
CVE-2023-46123

medium

5.3

CWE

307

25/10/2023

21/11/2024

CVE-2023-46123: jumpserver is vulnerable to password brute-force protection bypass via arbitrary IP values

Q: What is jumpserver?

Jumpserver is an open source bastion machine professional operation and maintenance security audit system that complies with 4A specifications.

First published: Wed Oct 25 2023(Updated: )

jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability, attackers can effectively make unlimited password attempts by altering their apparent IP address for each request. This vulnerability has been patched in version 3.8.0.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
	<3.8.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-46123?
CVE-2023-46123 is a vulnerability in the Core API of jumpserver that allows attackers to bypass password brute-force protections.
What is jumpserver?
Jumpserver is an open source bastion machine professional operation and maintenance security audit system that complies with 4A specifications.
How can the CVE-2023-46123 vulnerability be exploited?
The CVE-2023-46123 vulnerability can be exploited by spoofing arbitrary IP addresses to bypass password brute-force protections in jumpserver.
What is the affected software version?
The affected software version is Fit2cloud Jumpserver up to and excluding version 3.8.0.
How severe is the CVE-2023-46123 vulnerability?
The CVE-2023-46123 vulnerability has a severity rating of 5.3 (medium).

agent/references
agent/type
agent/weakness
agent/title
agent/severity
agent/author
agent/first-publish-date
agent/description
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/event
vendor/fit2cloud
canonical/fit2cloud jumpserver

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.