JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input validation mechanism in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has database access, attackers could steal sensitive information from all hosts or manipulate the database. This vulnerability is fixed in v3.10.7.
Metrics
Affected Vendors & Products
References
History
Tue, 25 Mar 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:fit2cloud:jumpserver:3.0.0:*:*:*:*:*:*:* | |
Metrics |
ssvc
|
Tue, 25 Mar 2025 19:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Thu, 09 Jan 2025 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Fit2cloud
Fit2cloud jumpserver |
|
CPEs | cpe:2.3:a:fit2cloud:jumpserver:*:*:*:*:*:*:*:* | |
Vendors & Products |
Fit2cloud
Fit2cloud jumpserver |

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-03-25T19:38:50.208Z
Reserved: 2024-03-18T17:07:00.096Z
Link: CVE-2024-29201

Updated: 2024-08-02T01:10:54.456Z

Status : Modified
Published: 2024-03-29T15:15:11.963
Modified: 2025-03-25T20:15:21.760
Link: CVE-2024-29201

No data.