Cyber Resilience

CVE-2024-40629

Critical

Published: 18 July 2024

Modified: 25 March 2025
CVSS Score v3.1: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0490 (89.8th percentile)
Risk Priority: 23 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-40629 is a critical-severity Path Traversal (CWE-22) vulnerability in Fit2Cloud JumpServer. Its CVSS base score is 10.0 (Critical).

Operationally, it ranks in the top 10.2% of CVEs by exploit likelihood (EPSS 0.0490, 89.8th percentile); it is not currently listed in the CISA KEV catalog.

Deeper analysis

JumpServer, an open-source Privileged Access Management tool, contains a path traversal vulnerability (CWE-22) that allows an attacker to exploit the Ansible playbook mechanism for arbitrary file writes. This leads to remote code execution inside the Celery container, which runs with root privileges and has direct database access. The flaw affects versions prior to the fixes released in 3.10.12 and 4.0.0.

An unauthenticated remote attacker can leverage the issue over the network to execute code, extract all stored host secrets, create new administrative accounts, or perform other database manipulations that compromise the entire JumpServer deployment and the internal systems it protects.

The official GitHub Security Advisory and accompanying analysis recommend immediate upgrade to the patched releases, noting that no workarounds are available. The referenced SonarSource research provides additional technical detail on the exploitation path.

EPSS for this CVE rose from lower values to a peak of 0.0936 on 2025-12-11 before receding to the current 0.0490, indicating a period of increased exploitation interest after disclosure.

Vulnerability details

JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the Ansible playbook to write arbitrary files, leading to remote code execution (RCE) in the Celery container. The Celery container runs as root and has database access, allowing an attacker to steal all secrets for hosts, create a new JumpServer account with admin privileges, or manipulate the database in other ways. This issue has been patched in release versions 3.10.12 and 4.0.0. It is recommended to upgrade to the safe versions. There are no known workarounds for this vulnerability.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

fit2cloud / jumpserver: versions 3.0.0 to 3.10.12

Mitigating Controls

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-22: validates pathnames and filenames to prevent traversal outside intended directories.
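The control above is the generic fix class for CWE-22. The following is an added example of how such a pathname check is typically implemented; it is not JumpServer's code and makes no claim about how the project's own patch works. It is written in Python because JumpServer is a Python application, and it assumes a hypothetical flow in which an untrusted playbook file name must be written only inside one per-job directory (`base_dir`, `safe_join`, `write_playbook` and `classify` are names chosen for this example). The sample file names and the symlink in `demo()` are constructed for illustration.

```python
"""Confining untrusted file names to a base directory (CWE-22 mitigation).

Added example, not JumpServer's code. It assumes a hypothetical playbook
upload whose file name is attacker-controlled and must land only under one
per-job base directory.
"""
import os
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a supplied path would escape the allowed base directory."""


def safe_join(base_dir: str, untrusted_name: str) -> Path:
    """Return an absolute path for untrusted_name strictly inside base_dir.

    Checks performed:
      * reject empty names and absolute paths (they ignore base_dir entirely);
      * resolve symlinks and '..' segments on both sides before comparing, so a
        symlink already present inside base_dir cannot redirect the write;
      * require the resolved target to be a descendant of base_dir, not the
        base directory itself.
    """
    if not untrusted_name:
        raise PathTraversalError("empty file name")
    candidate = Path(untrusted_name)
    if candidate.is_absolute():
        raise PathTraversalError(f"absolute path not allowed: {untrusted_name!r}")
    base = Path(base_dir).resolve()
    # resolve() follows symlinks for the components that exist and normalises
    # '..' for those that do not, so a not-yet-created file under a symlinked
    # directory is still compared against its real destination.
    target = (base / candidate).resolve()
    if base not in target.parents:
        raise PathTraversalError(f"path escapes base directory: {untrusted_name!r}")
    return target


def write_playbook(base_dir: str, untrusted_name: str, content: str) -> Path:
    """Write content to the confined location and return the path written."""
    target = safe_join(base_dir, untrusted_name)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(content)
    return target


def classify(base_dir: str, names: list) -> dict:
    """Map each candidate name to True (accepted) or False (rejected)."""
    results = {}
    for name in names:
        try:
            safe_join(base_dir, name)
            results[name] = True
        except PathTraversalError:
            results[name] = False
    return results


def demo() -> dict:
    """Run the check against constructed inputs in a scratch directory."""
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "playbooks")
        os.makedirs(base)
        # Constructed symlink inside the base that points outside it.
        os.symlink(tmp, os.path.join(base, "escape"))
        # Constructed sample names; the last three try to leave the base dir.
        names = [
            "site.yml",
            "roles/web/tasks/main.yml",
            "roles/../cleanup.yml",   # normalises to <base>/cleanup.yml
            "../outside.yml",
            "../../etc/cron.d/job",
            "escape/outside.yml",     # escapes via the symlink
        ]
        return classify(base, names)


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{'accept' if accepted else 'reject':6}  {name}")
```

The comparison is done on resolved paths rather than on the raw string, because string-level filtering of `..` misses symlink escapes and encoded separators; rejecting absolute inputs up front matters because `Path(base) / "/etc/passwd"` silently discards the base.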
