CVE-2024-40629
Published: 18 July 2024
Summary
CVE-2024-40629 is a critical-severity Path Traversal (CWE-22) vulnerability in Fit2Cloud JumpServer. Its CVSS base score is 10.0 (Critical).
Operationally, it is ranked in the top 10.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
JumpServer, an open-source Privileged Access Management tool, contains a path traversal vulnerability (CWE-22) that allows an attacker to exploit the Ansible playbook mechanism for arbitrary file writes. This leads to remote code execution inside the Celery container, which runs with root privileges and has direct database access. The flaw affects versions prior to the fixes released in 3.10.12 and 4.0.0.
An unauthenticated remote attacker can leverage the issue over the network to execute code, extract all stored host secrets, create new administrative accounts, or perform other database manipulations that compromise the entire JumpServer deployment and the internal systems it protects.
The official GitHub Security Advisory and accompanying analysis recommend immediate upgrade to the patched releases, noting that no workarounds are available. The referenced SonarSource research provides additional technical detail on the exploitation path.
The EPSS score for this CVE rose to a peak of 0.0936 on 2025-12-11 before receding to its current value of 0.0490, indicating a period of heightened exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-38549
Vulnerability details
JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the Ansible playbook to write arbitrary files, leading to remote code execution (RCE) in the Celery container. The Celery container runs as root and has database access, allowing an attacker to steal all secrets for hosts, create a new JumpServer account with admin privileges, or manipulate the database in other ways. This issue has been patched in release versions 3.10.12 and 4.0.0. It is recommended to upgrade to the safe versions. There are no known workarounds for this vulnerability.
- CWE(s): CWE-22 (Path Traversal)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.