Cyber Resilience

CVE-2024-29202

Critical · Public PoC · RCE

Published: 29 March 2024

Modified: 25 March 2025
CVSS v3.1 Score: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.7998 (99.1th percentile)
Risk Priority: 68 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-29202 is a critical-severity Code Injection (CWE-94) vulnerability in Fit2Cloud Jumpserver. Its CVSS base score is 9.9 (Critical).

Operationally, it ranks in the top 0.9% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

JumpServer, an open source bastion host and operations security audit platform, contains a Jinja2 template injection flaw in its Ansible integration that permits arbitrary code execution inside the Celery container. The vulnerability is tracked as CVE-2024-29202, carries a CVSS 3.1 score of 9.9, and is classified under CWE-94; it was addressed in version 3.10.7.

An authenticated attacker with low privileges can supply a malicious template that runs with root privileges and full database access inside the Celery container, enabling theft of credentials and sensitive data from all managed hosts or direct manipulation of the JumpServer database.

The official GitHub Security Advisory GHSA-2vvr-vmvx-73ch and the accompanying SonarSource analysis both state that upgrading to JumpServer 3.10.7 or later eliminates the template-injection vector; administrators are advised to apply the update promptly and to restrict Ansible template privileges where possible.

The EPSS score has reached a peak of 0.8368 with a current value of 0.7998, indicating sustained exploitation interest after disclosure.

Vulnerability details

JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has database access, attackers could steal sensitive information from all hosts or manipulate the database. This vulnerability is fixed in v3.10.7.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: fit2cloud
Product: jumpserver
Versions: 3.0.0 — 3.10.7

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-94

Makes persistent code injection into loaded programs impossible when the executable image itself resides on hardware-protected read-only media.

addresses: CWE-94

Dynamically generated code can be produced and executed inside the isolated chamber, preventing host compromise from code-injection payloads.

addresses: CWE-94

Validates inputs used in dynamic code generation to block injected directives.

addresses: CWE-94

Directly prevents execution of attacker-supplied code written into data memory regions.

References