CNNVD-202512-034 Information
CNNVD ID
CNNVD-202512-034
Related CVE
-
CNNVD Published: 2025-12-01
Description
JumpServer is an open-source bastion host from Hangzhou Fit2Cloud Information Technology (JumpServer), China. JumpServer versions prior to v3.10.19 and prior to v4.10.5 contain an input validation error vulnerability. The vulnerability stems from the /core/i18n// endpoint not correctly validating the Referer header, which may lead to an open redirect.
Hazard Level
High
Vulnerability Type
Input validation error
Published
2025-12-01
Last Modified
2026-02-24
References
https://github.com/jumpserver/jumpserver/commit/36ae076cb021f16d2053a63651bc16d15a3ed53b
https://github.com/jumpserver/jumpserver/security/advisories/GHSA-h762-mj7p-jwjq
https://access.redhat.com/security/cve/cve-2025-58044
Patch
https://github.com/jumpserver/jumpserver/releases