CVE-2024-29024

JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files, potentially compromising the integrity and security of the system. This vulnerability is fixed in v3.10.6.

CVSS v3 4.6 MEDIUM

4.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/jumpserver/jumpserver/security/advisories/GHSA-8wqm-rfc7-q27q	Vendor Advisory
https://github.com/jumpserver/jumpserver/security/advisories/GHSA-8wqm-rfc7-q27q	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:fit2cloud:jumpserver:*:*:*:*:*:*:*:*

History

09 Jan 2025, 17:32

Type	Values Removed	Values Added
CPE		cpe:2.3:a:fit2cloud:jumpserver::::::::
References	~~() https://github.com/jumpserver/jumpserver/security/advisories/GHSA-8wqm-rfc7-q27q -~~	() https://github.com/jumpserver/jumpserver/security/advisories/GHSA-8wqm-rfc7-q27q - Vendor Advisory
First Time		Fit2cloud jumpserver Fit2cloud

Information

Published : 2024-03-29 15:15

Updated : 2025-01-09 17:32

NVD link : CVE-2024-29024

Mitre link : CVE-2024-29024

CVE.ORG link : CVE-2024-29024

JSON object : View

Products Affected

fit2cloud

jumpserver

CWE

CWE-639

Authorization Bypass Through User-Controlled Key

{"id": "CVE-2024-29024", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.6}]}, "published": "2024-03-29T15:15:11.707", "references": [{"url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-8wqm-rfc7-q27q", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-8wqm-rfc7-q27q", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-639"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "JumpServer is an open source bastion host and an operation and maintenance security audit system.\nAn authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files, potentially compromising the integrity and security of the system. This vulnerability is fixed in v3.10.6."}, {"lang": "es", "value": "JumpServer es un host basti\u00f3n de c\u00f3digo abierto y un sistema de auditor\u00eda de seguridad de operaci\u00f3n y mantenimiento. Un usuario autenticado puede aprovechar la vulnerabilidad de referencia directa de objetos inseguros (IDOR) en la transferencia masiva del administrador de archivos manipulando los ID de los trabajos para cargar archivos maliciosos, comprometiendo potencialmente la integridad y seguridad del sistema. Esta vulnerabilidad se solucion\u00f3 en v3.10.6."}], "lastModified": "2025-01-09T17:32:54.613", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fit2cloud:jumpserver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07104EF2-D3BA-4E56-95DB-23114EF726F7", "versionEndExcluding": "3.10.6", "versionStartIncluding": "3.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}