Filter

Versions

3.0.0
12
2.0.0
3
3.6.0
2
2.24.0
1
2.4.0
1
2.5.0
1
2.6.0
1
3.8.0
1

JumpserverArbitrary File Read in Ansible Playbooks in Jumpserver

critical
10
First published (updated )
CVE-2024-40628

JumpserverArbitrary File Write in Ansible Playbooks leads to RCE in Jumpserver

critical
10
First published (updated )
CVE-2024-40629

JumpserverJumpServer vulnerable to Jinja2 template injection in Ansible leads to RCE in Celery

critical
10
EPSS
0.04%
First published (updated )
CVE-2024-29202

JumpserverJumpServer's insecure Ansible playbook validation leads to RCE in Celery

critical
10
EPSS
0.04%
First published (updated )
CVE-2024-29201

JumpserverJumpServer allows nn authorized attacker to get sensitive information in playbook files when playbook_id is leaked

medium
5.3
EPSS
0.04%
First published (updated )
CVE-2024-29020

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

JumpserverJumpServer Direct Object Reference (IDOR) Vulnerability in File Manager Bulk Transfer Functionality

medium
5.3
EPSS
0.04%
First published (updated )
CVE-2024-29024

JumpserverJumpServer Open Redirect Vulnerability

medium
6.1
EPSS
0.06%
First published (updated )
CVE-2024-24763

JumpserverInsecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute a…

critical
9.8
First published (updated )
CVE-2023-48193

JumpserverJumpServer default admin user email leak password reset

medium
5.3
First published (updated )
CVE-2023-46138

Jumpserverjumpserver is vulnerable to password brute-force protection bypass via arbitrary IP values

medium
5.3
First published (updated )
CVE-2023-46123

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

JumpserverSSH public key login without private key challenge if mfa is enabled in jumpserver

critical
9.8
First published (updated )
CVE-2023-42818

go/github.com/jumpserver/kokoRemote code execution on the host system via MongoDB shell in jumpserver

critical
9.9
First published (updated )
CVE-2023-43651

JumpserverNon-MFA account takeover via brute-force attack on weak password reset code in jumpserver

high
8.2
First published (updated )
CVE-2023-43650

JumpserverNon-MFA account takeover via using only SSH public key to login in jumpserver

critical
9.1
First published (updated )
CVE-2023-43652

JumpserverPath traversal in Jumpserver

high
8.9
First published (updated )
CVE-2023-42819

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

JumpserverRandom seed leakage in Jumpserver

high
8.2
First published (updated )
CVE-2023-42820

JumpserverJumpServer session replays download without authentication

high
8.2
First published (updated )
CVE-2023-42442

JumpserverCommand Injection

critical
9.9
First published (updated )
CVE-2023-28110

JumpserverAn issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an API …

critical
10
First published (updated )
CVE-2021-3169

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203