CNNVD-202510-4198 Information
Oct 30, 2025
CNNVD ID
CNNVD-202510-4198
Related CVE
- CNNVD Published: 2025-10-30
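Description (translated from Chinese)
JumpServer is an open-source bastion host from Hangzhou FIT2CLOUD Information Technology (JumpServer), China. JumpServer versions before v3.10.21-lts and before v4.10.12-lts contain a security vulnerability: a low-privileged user can bypass authorization checks with a specially crafted message, which may lead to LDAP credential disclosure or unintended synchronization operations.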
Description (English)
JumpServer is an open-source bastion host from the company JumpServer (Hangzhou, China). Versions earlier than v3.10.21-lts and earlier than v4.10.12-lts have a security vulnerability, which stems from the fact that low-privileged users can bypass authorization checks through specially crafted messages, which could lead to leakage of LDAP credentials or unintended synchronization operations.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
FIT2CLOUD (飞致云)
Published
2025-10-30
Last Modified
2026-02-24
References
https://github.com/jumpserver/jumpserver/security/advisories/GHSA-7893-256g-m822
Patch
https://community.fit2cloud.com/#/products/jumpserver/downloads