CNNVD-202510-4209 Information
CNNVD ID
CNNVD-202510-4209
Related CVE
- CNNVD Published: 2025-10-30
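Description (translated from Chinese)
JumpServer is an open-source bastion host from Hangzhou 飞致云 (FIT2CLOUD) Information Technology (JumpServer), China. JumpServer versions before v3.10.20-lts and before v4.10.11-lts contain a security vulnerability. It stems from the super connection API endpoint not correctly restricting access to connection tokens, which may lead to unauthorized access and privilege escalation.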
Description (English)
JumpServer is an open-source bastion host from the company JumpServer, Hangzhou, China. A security vulnerability exists in JumpServer versions before v3.10.20-lts and versions before v4.10.11-lts. It stems from the super connection API endpoint not correctly restricting access to connection tokens, which may lead to unauthorized access and privilege escalation.
Hazard Level
Low
Vulnerability Type
Other
Affected Vendor
飞致云 (FIT2CLOUD)
Published
2025-10-30
Last Modified
2026-02-24
References
https://github.com/jumpserver/jumpserver/commit/453ad331eec9d9667a38de735d6612608e558491
https://github.com/jumpserver/jumpserver/security/advisories/GHSA-6ghx-6vpv-3wg7
Patch
https://community.fit2cloud.com/#/products/jumpserver/downloads