CVE-2023-28110 - Vulnerability Details - OpenCVE

Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the execution of dangerous commands that may disrupt the Koko container environment and affect normal usage. The vulnerability has been fixed in v2.28.8.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Fit2cloud	Jumpserver Koko

Configuration 1 [-]

OR	cpe:2.3:a:fit2cloud:jumpserver::::::::
	cpe:2.3:a:fit2cloud:koko:-:::::go::

No data.

References

Link	Providers
https://github.com/jumpserver/jumpserver/releases/tag/v2.28.8
https://github.com/jumpserver/jumpserver/security/advisories/GHSA-6x5p-jm59-jh29

History

Tue, 04 Mar 2025 03:45:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-03-16T16:18:49.977Z

Updated: 2025-02-25T14:55:29.601Z

Reserved: 2023-03-10T18:34:29.227Z

Link: CVE-2023-28110

Vulnrichment

Updated: 2024-08-02T12:30:24.220Z

NVD

Status : Modified

Published: 2023-03-16T17:15:09.850

Modified: 2024-11-21T07:54:25.523

Link: CVE-2023-28110

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-28110", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-03-10T18:34:29.227Z", "datePublished": "2023-03-16T16:18:49.977Z", "dateUpdated": "2025-02-25T14:55:29.601Z"}, "containers": {"cna": {"title": "JumpServer Koko vulnerable to Command Injection for Kubernetes Connection ", "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "lang": "en", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-6x5p-jm59-jh29", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-6x5p-jm59-jh29"}, {"name": "https://github.com/jumpserver/jumpserver/releases/tag/v2.28.8", "tags": ["x_refsource_MISC"], "url": "https://github.com/jumpserver/jumpserver/releases/tag/v2.28.8"}], "affected": [{"vendor": "jumpserver", "product": "jumpserver", "versions": [{"version": "< 2.28.8", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-03-16T16:18:49.977Z"}, "descriptions": [{"lang": "en", "value": "Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the execution of dangerous commands that may disrupt the Koko container environment and affect normal usage. The vulnerability has been fixed in v2.28.8."}], "source": {"advisory": "GHSA-6x5p-jm59-jh29", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:30:24.220Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-6x5p-jm59-jh29", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-6x5p-jm59-jh29"}, {"name": "https://github.com/jumpserver/jumpserver/releases/tag/v2.28.8", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/jumpserver/jumpserver/releases/tag/v2.28.8"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-25T14:29:21.172517Z", "id": "CVE-2023-28110", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-25T14:55:29.601Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-6x5p-jm59-jh29", "name": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-6x5p-jm59-jh29", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/jumpserver/jumpserver/releases/tag/v2.28.8", "name": "https://github.com/jumpserver/jumpserver/releases/tag/v2.28.8", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:30:24.220Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-28110", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-25T14:29:21.172517Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-25T14:29:23.088Z"}}], "cna": {"title": "JumpServer Koko vulnerable to Command Injection for Kubernetes Connection ", "source": {"advisory": "GHSA-6x5p-jm59-jh29", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "jumpserver", "product": "jumpserver", "versions": [{"status": "affected", "version": "< 2.28.8"}]}], "references": [{"url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-6x5p-jm59-jh29", "name": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-6x5p-jm59-jh29", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/jumpserver/jumpserver/releases/tag/v2.28.8", "name": "https://github.com/jumpserver/jumpserver/releases/tag/v2.28.8", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the execution of dangerous commands that may disrupt the Koko container environment and affect normal usage. The vulnerability has been fixed in v2.28.8."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-03-16T16:18:49.977Z"}}}, "cveMetadata": {"cveId": "CVE-2023-28110", "state": "PUBLISHED", "dateUpdated": "2025-02-25T14:55:29.601Z", "dateReserved": "2023-03-10T18:34:29.227Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-03-16T16:18:49.977Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fit2cloud:jumpserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EAD9153-B643-42B7-A7B7-76E991B4893C", "versionEndExcluding": "2.28.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:fit2cloud:koko:-:*:*:*:*:go:*:*", "matchCriteriaId": "E876D749-E604-421D-B495-4FE2D9555411", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the execution of dangerous commands that may disrupt the Koko container environment and affect normal usage. The vulnerability has been fixed in v2.28.8."}], "id": "CVE-2023-28110", "lastModified": "2024-11-21T07:54:25.523", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-16T17:15:09.850", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Release Notes"], "url": "https://github.com/jumpserver/jumpserver/releases/tag/v2.28.8"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-6x5p-jm59-jh29"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Release Notes"], "url": "https://github.com/jumpserver/jumpserver/releases/tag/v2.28.8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-6x5p-jm59-jh29"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "security-advisories@github.com", "type": "Secondary"}]}