JumpServer Administrators: Protect Your Bastion Host from Directory Traversal Attacks

CVE: CVE-2023-42819
CVSS v3.1: 8.9
Source: CVE-2023-42819

JumpServer is an open source bastion host used to broker and audit access to Linux servers. A recently disclosed vulnerability allows an authenticated attacker to read sensitive files from the JumpServer host itself, outside the directory the affected API is meant to serve.

The vulnerability is a directory traversal flaw in the API used to retrieve playbook files. The file path supplied in the request is joined onto the playbook directory without being canonicalised and checked, so a path containing "../" segments walks up the directory tree and out of the intended root. An attacker can use this to read files such as /etc/passwd, which lists local user accounts (password hashes live in /etc/shadow, which is normally readable only by root, so what is reachable depends on the privileges of the JumpServer process). Configuration files, keys and anything else the service account can read are equally exposed.

To exploit it, the attacker needs an account that is allowed to create playbooks. They create a placeholder playbook through the web interface, then request that playbook's file API with a file parameter containing "../../../" sequences to move up out of the playbook directory. The API returns any file on the server that the JumpServer process has permission to read.
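The following is an added example, not JumpServer's own code, showing the class of bug described above in minimal form: a file-serving function that joins a user-supplied relative path onto a playbook directory with os.path.join, beside a hardened version that resolves the path and refuses anything that lands outside the root. The function names, the playbook root and the sample files are assumptions constructed for the example.

```python
import os
import tempfile
from pathlib import Path


def read_playbook_file_vulnerable(playbook_root: str, user_path: str) -> bytes:
    """Illustrative vulnerable reader (not JumpServer's code).

    os.path.join follows '..' segments out of the root, and an absolute
    user_path replaces the root entirely, so any readable file is served.
    """
    full = os.path.join(playbook_root, user_path)
    with open(full, "rb") as f:
        return f.read()


def read_playbook_file_safe(playbook_root: str, user_path: str) -> bytes:
    """Hardened reader: canonicalise, then require the result to stay under root."""
    root = Path(playbook_root).resolve()
    # Reject absolute paths explicitly rather than relying on the prefix check alone.
    if os.path.isabs(user_path):
        raise PermissionError("absolute paths are not allowed")
    # resolve() collapses '..' and follows symlinks, so a symlink inside the
    # playbook directory that points outside it is caught as well.
    target = (root / user_path).resolve()
    if target != root and root not in target.parents:
        raise PermissionError(f"path escapes playbook root: {user_path!r}")
    with open(target, "rb") as f:
        return f.read()


def demo() -> dict:
    """Build a throwaway tree (constructed sample data) and exercise both readers."""
    base = Path(tempfile.mkdtemp())
    root = base / "playbooks"
    root.mkdir()
    (root / "site.yml").write_bytes(b"- hosts: all\n")
    # A file one level above the playbook root that the API should never return.
    (base / "secret.txt").write_bytes(b"not-for-the-api\n")

    results = {}
    # A legitimate playbook path works with both implementations.
    results["legit_vulnerable"] = read_playbook_file_vulnerable(str(root), "site.yml")
    results["legit_safe"] = read_playbook_file_safe(str(root), "site.yml")
    # The traversal payload escapes the root in the vulnerable version only.
    results["traversal_vulnerable"] = read_playbook_file_vulnerable(str(root), "../secret.txt")
    try:
        read_playbook_file_safe(str(root), "../secret.txt")
        results["traversal_safe"] = "ALLOWED"
    except PermissionError:
        results["traversal_safe"] = "BLOCKED"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The check compares fully resolved paths rather than string prefixes: a naive `startswith(playbook_root)` test would accept `/srv/playbooks_backup/...` when the root is `/srv/playbooks`, and would do nothing about symlinks.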

The JumpServer developers have addressed this issue in version 3.6.5, and all JumpServer administrators should upgrade. Until the upgrade is done, restrict access to the JumpServer web and API interface from untrusted networks, and review which accounts hold permission to create playbooks, since that permission is what the attack requires.
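Administrators who cannot upgrade immediately will also want to know whether the endpoint has already been probed. The following is an added example, not part of the original page or of JumpServer, that scans web-server access logs for traversal attempts against a playbook file endpoint. The endpoint path prefix and the log lines are constructed for the example; adjust the prefix to whatever your reverse proxy actually logs for JumpServer.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in common log format (not real JumpServer logs).
# The endpoint path used here is an assumption for the example.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Oct/2023:10:00:01 +0000] "GET /api/v1/ops/playbook/abcd/file/?key=site.yml HTTP/1.1" 200 512
10.0.0.9 - - [01/Oct/2023:10:00:02 +0000] "GET /api/v1/ops/playbook/abcd/file/?key=../../../etc/passwd HTTP/1.1" 200 2048
10.0.0.9 - - [01/Oct/2023:10:00:03 +0000] "GET /api/v1/ops/playbook/abcd/file/?key=..%2F..%2F..%2Fetc%2Fshadow HTTP/1.1" 403 0
10.0.0.9 - - [01/Oct/2023:10:00:04 +0000] "GET /api/v1/ops/playbook/abcd/file/?key=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 100
10.0.0.7 - - [01/Oct/2023:10:00:05 +0000] "GET /api/v1/users/ HTTP/1.1" 200 900
"""

# ip, timestamp, method, request target and status code from one access-log line.
REQ_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# A '..' segment bounded by a separator, query delimiter or end of string.
TRAVERSAL_RE = re.compile(r'(?<![\w.])\.\.(?=[\\/]|$)')


def fully_decode(s: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded payloads (%252e) are caught."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def find_traversal(log_text: str, path_prefix: str = "/api/v1/ops/playbook/") -> list:
    """Return (ip, decoded_target, status) for requests to the playbook API
    whose decoded target contains a traversal segment."""
    hits = []
    for line in log_text.splitlines():
        m = REQ_RE.match(line)
        if not m:
            continue
        target = fully_decode(m["target"])
        if not target.startswith(path_prefix):
            continue
        if TRAVERSAL_RE.search(target):
            hits.append((m["ip"], target, int(m["status"])))
    return hits


if __name__ == "__main__":
    for ip, target, status in find_traversal(SAMPLE_LOG):
        verdict = "likely succeeded" if status == 200 else "blocked or failed"
        print(f"{ip} {status} {verdict}: {target}")
```

A 200 response to a traversal request is the line to treat as a confirmed read, not just an attempt; an entry with a 403 or 404 still tells you which source address was probing and should be correlated with the JumpServer account that was logged in at the time.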

A bastion host sits in front of every server it brokers access to, so a file-read flaw on it is not a contained problem: credentials, keys and session records stored on the host are exactly what an intruder needs to move further. Keep JumpServer on a patched release, and treat this fix as urgent.
