CVE-2021-3169 Information
Jun 07, 2022
Description
An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://mp.weixin.qq.com/s/5tgcaIrnDnGP-LvWPw9YCg
https://s.tencent.com/research/bsafe/1228.html
https://blog.fit2cloud.com/?p=1764
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.8
Base Severity
CRITICAL