Upgrade JumpServer Now – Critical Remote Code Execution Vulnerability Patched

CVE: CVE-2023-43651
CVSS (v3.1): 8.6
Source: CVE-2023-43651

JumpServer, an open source bastion host tool, was found to have a vulnerability that could allow remote code execution. Attackers could exploit a flaw in how MongoDB sessions were handled to execute arbitrary commands on systems where JumpServer was installed.

This occurred because the koko component provided a web CLI interface that allowed authenticated users to log into an authorized MongoDB database. From there, attackers could abuse how sessions were handled to run arbitrary code. With remote code execution achieved, privilege escalation to root was also possible on compromised systems.

The vulnerability was assigned the identifier CVE-2023-43651 and given a CVSS score of 8.6, making it a serious risk. It was addressed in JumpServer versions 2.28.20 and 3.7.1. All users are strongly recommended to upgrade immediately.
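As a defender's first step, the fixed releases named above (2.28.20 for the 2.x line, 3.7.1 for the 3.x line) can be turned into an inventory check. This is an added example, not code from the advisory or from the JumpServer project; it assumes a simple `major.minor.patch` version string and treats any major line other than 2.x or 3.x as outside the advisory's scope.

```python
"""Check whether a JumpServer version string predates the CVE-2023-43651 fix.

Added example, not from the original advisory or the JumpServer project.
Assumption: the advisory names two fixed releases, 2.28.20 (2.x line) and
3.7.1 (3.x line). Versions below the fix on their own line are reported as
affected; major lines the advisory does not mention are reported as unknown.
"""
import re

# Fixed releases named in the advisory, keyed by major version line.
FIXED_VERSIONS = {
    2: (2, 28, 20),
    3: (3, 7, 1),
}


def parse_version(text):
    """Turn 'v3.6.4' or '2.28.19' into a tuple of ints; raise on anything else."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised JumpServer version: {text!r}")
    return tuple(int(part) for part in m.groups())


def assess(text):
    """Return 'affected', 'fixed' or 'unknown' for one version string."""
    version = parse_version(text)
    fixed = FIXED_VERSIONS.get(version[0])
    if fixed is None:
        return "unknown"  # a major line the advisory does not cover
    return "fixed" if version >= fixed else "affected"


def audit(inventory):
    """Map host -> status for a {host: version} inventory."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; these are not real hosts.
    sample = {"bastion-a": "v2.28.19", "bastion-b": "3.7.1", "bastion-c": "3.6.4"}
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```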

MongoDB is a popular database management system. When MongoDB sessions can be abused in this way, attackers can take over the affected system completely, which is why patching this vulnerability is critical. If you have JumpServer installed, update it to the latest version to close this remote code execution hole. Taking prompt action helps protect your environment from exploitation of this vulnerability.
