Cyber Resilience

CVE-2023-42819

High

Published: 27 September 2023

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 8.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L)
EPSS Score: 0.3813 (97.3th percentile)
Risk Priority: 41 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-42819 is a high-severity Path Traversal (CWE-22) vulnerability in Fit2Cloud Jumpserver. Its CVSS base score is 8.9 (High).

Operationally, it ranks in the top 2.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

JumpServer, an open source bastion host, contains a path traversal vulnerability (CWE-22) that permits authenticated users to read or write arbitrary files on the underlying system. The flaw resides in the Job-Template playbook handling code; an attacker who creates a playbook obtains its identifier and can then supply a crafted key parameter containing directory traversal sequences to the /api/v1/ops/playbook/{id}/file/ endpoint.

A logged-in user can therefore retrieve sensitive files such as /etc/passwd or overwrite configuration and code files, resulting in full system compromise. The attack requires only low-privileged access and no user interaction beyond the initial authenticated session, producing a CVSS 3.1 score of 8.9.

The maintainers addressed the issue in version 3.6.5; the corresponding GitHub security advisory and commit confirm that no workarounds exist and recommend immediate upgrade. The EPSS score has reached a peak of 0.4229 with a current value of 0.3813, indicating sustained but not sharply escalating exploitation interest since disclosure.

Vulnerability details

JumpServer is an open source bastion host. Logged-in users can access and modify the contents of any file on the system. A user can use the 'Job-Template' menu and create a playbook named 'test'. Get the playbook id from the detail page, like 'e0adabef-c38f-492d-bd92-832bacc3df5f'. An attacker can exploit the directory traversal flaw using the provided URL to access and retrieve the contents of the file. `https://jumpserver-ip/api/v1/ops/playbook/e0adabef-c38f-492d-bd92-832bacc3df5f/file/?key=../../../../../../../etc/passwd` A similar method to modify the file content is also present. This issue has been addressed in version 3.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

fit2cloud
jumpserver
3.0.0 — 3.6.5

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.
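
The containment check this control describes, applied to the `key` parameter of the playbook file endpoint and used to triage access logs, as an added example (not JumpServer's code or its 3.6.5 fix). The storage root `/data/playbooks`, the function names and the log lines are constructed assumptions.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint from the advisory text; the playbook id is a 36-character UUID.
PLAYBOOK_FILE = re.compile(r"^/api/v1/ops/playbook/(?P<id>[0-9a-fA-F-]{36})/file/?$")
REQUEST = re.compile(r'"(?:GET|POST|PUT|PATCH|DELETE) (\S+) HTTP/[\d.]+"')
# Assumed storage root, for illustration only (not JumpServer's real layout).
ASSUMED_ROOT = "/data/playbooks"
# Constructed access-log lines in combined-log style.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Oct/2023:10:00:01 +0000] "GET /api/v1/ops/playbook/e0adabef-c38f-492d-bd92-832bacc3df5f/file/?key=main.yml HTTP/1.1" 200 312',
    '198.51.100.9 - - [01/Oct/2023:10:02:14 +0000] "GET /api/v1/ops/playbook/e0adabef-c38f-492d-bd92-832bacc3df5f/file/?key=../../../../../../../etc/passwd HTTP/1.1" 200 1843',
    '198.51.100.9 - - [01/Oct/2023:10:02:40 +0000] "GET /api/v1/ops/playbook/e0adabef-c38f-492d-bd92-832bacc3df5f/file/?key=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1843',
    '198.51.100.7 - - [01/Oct/2023:10:03:02 +0000] "GET /api/v1/assets/ HTTP/1.1" 200 99',
]


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so multiply-encoded input is judged in its final form."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def key_escapes_base(base, key):
    """True if joining key onto base resolves to a path outside base (CWE-22)."""
    key = fully_decode(key).replace("\\", "/")
    resolved = posixpath.normpath(posixpath.join(base, key))
    return not (resolved == base or resolved.startswith(base + "/"))


def suspicious_requests(log_lines):
    """Return (playbook_id, decoded_key) for file requests whose key leaves its base."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        url = urlsplit(m.group(1)) if m else None
        ep = PLAYBOOK_FILE.match(url.path) if url else None
        if not ep:
            continue
        base = posixpath.join(ASSUMED_ROOT, ep.group("id"))
        for key in parse_qs(url.query, keep_blank_values=True).get("key", []):
            if key_escapes_base(base, key):
                hits.append((ep.group("id"), fully_decode(key)))
    return hits
```

The check resolves the joined path and compares it to the base with a trailing separator, so sibling directories that merely share the base's prefix and absolute `key` values are flagged as well.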
