JumpServer Users: Protect Your Sessions from Unauthorized Access

CVE: CVE-2023-42442
CVSS v3.1: 8.2
Source: CVE-2023-42442

JumpServer, an open source bastion host and operations management tool, has a vulnerability in versions 3.0.0 through 3.5.4, and in version 3.6.3, that could allow unauthorized access to session replays.

The issue stems from a permission-control flaw in the API endpoint for terminal sessions: without authentication, anyone could download session replay files stored in cloud object storage such as S3. This is a risk wherever sensitive information (credentials, configuration, operational data) was captured in those sessions.

Versions 3.5.5 and 3.6.4 fix this vulnerability; users of older installations are advised to upgrade immediately. After upgrading, administrators should also verify that session replays are only accessible with authentication.

To check whether your JumpServer is still vulnerable, make an unauthenticated request to the /api/v1/terminal/sessions/ endpoint after upgrading; it should return a 401 status code, indicating that authentication is required.
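The post-upgrade check above, written out as a small script that reports a verdict instead of a raw status code. This is an added example, not JumpServer project code; the base URL is a placeholder, and the verdict mapping (401/403 as protected, 200 as vulnerable, anything else as inconclusive) is an assumption of this example. Redirects are deliberately not followed, so a 302 to a login page is not mistaken for an open endpoint.

```python
"""Post-upgrade check for CVE-2023-42442: the session list API must reject
unauthenticated requests. Added example, not JumpServer project code."""
import sys
import urllib.error
import urllib.request

SESSIONS_PATH = "/api/v1/terminal/sessions/"  # endpoint named in the advisory


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx responses as errors instead of following them silently."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch_status(base_url, timeout=10):
    """Return the HTTP status of an unauthenticated GET on the sessions API."""
    req = urllib.request.Request(base_url.rstrip("/") + SESSIONS_PATH,
                                 headers={"Accept": "application/json"})
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # urllib raises on 3xx/4xx/5xx; the code is the result


def interpret_status(code):
    """Map the status of an unauthenticated request to a verdict (assumed mapping):
    401/403 -> authentication is enforced, the expected result after upgrading;
    200     -> the endpoint answered without credentials, treat as vulnerable;
    other   -> inconclusive (redirect, proxy error, wrong base URL, ...)."""
    if code in (401, 403):
        return "protected"
    if code == 200:
        return "vulnerable"
    return "inconclusive"


def check(base_url, fetch=fetch_status):
    """Run the check against base_url; `fetch` is injectable for offline tests."""
    return interpret_status(fetch(base_url))


if __name__ == "__main__":
    # Placeholder host; pass your own JumpServer base URL as the first argument.
    url = sys.argv[1] if len(sys.argv) > 1 else "https://jumpserver.example.invalid"
    verdict = check(url)
    print(f"{url}{SESSIONS_PATH}: {verdict}")
    sys.exit(0 if verdict == "protected" else 1)
```

An "inconclusive" result usually means a reverse proxy or login redirect answered instead of the API; repeat the request directly against the JumpServer core service before drawing a conclusion.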

Always keep your JumpServer updated to the latest version to protect against security issues. Configure proper access controls and monitor session activity, including downloads of replay files from the storage backend, to detect any unauthorized access. Taking prompt action can help prevent the compromise of sensitive operational data.
