CVE-2023-42819
Published: 27 September 2023
Summary
CVE-2023-42819 is a high-severity Path Traversal (CWE-22) vulnerability in Fit2Cloud JumpServer. Its CVSS base score is 8.9 (High).
Operationally, it is ranked in the top 2.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
JumpServer, an open source bastion host, contains a path traversal vulnerability (CWE-22) that permits authenticated users to read or write arbitrary files on the underlying system. The flaw resides in the Job-Template playbook handling code; an attacker who creates a playbook obtains its identifier and can then supply a crafted key parameter containing directory traversal sequences to the /api/v1/ops/playbook/{id}/file/ endpoint.
A logged-in user can therefore retrieve sensitive files such as /etc/passwd or overwrite configuration and code files, resulting in full system compromise. The attack requires only low-privileged access and no user interaction beyond the initial authenticated session, producing a CVSS 3.1 score of 8.9.
The maintainers addressed the issue in version 3.6.5; the corresponding GitHub security advisory and commit confirm that no workarounds exist and recommend immediate upgrade. The EPSS score has reached a peak of 0.4229 with a current value of 0.3813, indicating sustained but not sharply escalating exploitation interest since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-47241
Vulnerability details
JumpServer is an open source bastion host. Logged-in users can access and modify the contents of any file on the system. A user can use the 'Job-Template' menu and create a playbook named 'test'. Get the playbook id from the detail page, like 'e0adabef-c38f-492d-bd92-832bacc3df5f'. An attacker can exploit the directory traversal flaw using the provided URL to access and retrieve the contents of the file: `https://jumpserver-ip/api/v1/ops/playbook/e0adabef-c38f-492d-bd92-832bacc3df5f/file/?key=../../../../../../../etc/passwd`. A similar method to modify the file content is also present. This issue has been addressed in version 3.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
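To hunt for the request pattern described above in web access logs, this added example (not JumpServer code and not part of the advisory) flags requests to the playbook file endpoint whose `key` parameter decodes to a traversal path. The combined-log-style request field, the sample lines and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint named on this page: /api/v1/ops/playbook/{id}/file/
PLAYBOOK_FILE = re.compile(r"^/api/v1/ops/playbook/([0-9a-fA-F-]{36})/file/?$")
# Assumed request field of a combined-style access log: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so layered encodings normalise to one form."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(key):
    """True if the decoded key is absolute or contains a '..' path segment."""
    key = fully_decode(key).replace("\\", "/")
    return key.startswith("/") or ".." in key.split("/")

def suspicious_requests(lines):
    """Return (method, playbook_id, decoded_key) for each flagged request."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        ep = PLAYBOOK_FILE.match(url.path)
        if not ep:
            continue
        for key in parse_qs(url.query).get("key", []):  # parse_qs decodes once
            if is_traversal(key):
                hits.append((m.group("method"), ep.group(1), fully_decode(key)))
    return hits

# Constructed sample lines (not real traffic). The first id is the one quoted
# on this page; the second id and the client addresses are made up.
PB = "/api/v1/ops/playbook/"
SAMPLE = [
    f'192.0.2.10 - - [27/Sep/2023:10:00:00 +0000] "GET {PB}e0adabef-c38f-492d-bd92-832bacc3df5f/file/?key=main.yml HTTP/1.1" 200 120',
    f'192.0.2.11 - - [27/Sep/2023:10:01:00 +0000] "GET {PB}e0adabef-c38f-492d-bd92-832bacc3df5f/file/?key=../../../../../../../etc/passwd HTTP/1.1" 200 1843',
    f'192.0.2.11 - - [27/Sep/2023:10:02:00 +0000] "GET {PB}11111111-2222-3333-4444-555555555555/file/?key=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1843',
    '192.0.2.12 - - [27/Sep/2023:10:03:00 +0000] "GET /static/../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE):
        print(hit)
```

The check only sees a `key` that travels in the query string, as in the URL above; a 200 response on a flagged line is the signal to prioritise.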
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.