JumpServer Critical Flaws – Attackers Execute Arbitrary Code


The critical vulnerabilities in JumpServer’s Ansible that allowed attackers to execute arbitrary remote code have been patched.

With a CVSS base score of 10, the critical vulnerabilities identified as CVE-2024-29201 and CVE-2024-29202 impact versions v3.0.0-v3.10.6.

A jump server is an intermediary device that uses a supervised secure channel to route traffic across firewalls.

It is often most advantageous to large and small enterprises since it provides more visibility and control over internal servers and domains, as well as the ability to stratify security zones for increased breach prevention.

CVE-2024-29201– Insecure Ansible Playbook Validation

According to GitHub reports, the vulnerability arises from bypassing input validation in the Ansible module of JumpServer. 

Document

Run Free ThreatScan on Your Mailbox

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .


Attackers can run arbitrary code within the Celery container by evading JumpServer’s Ansible input validation mechanism. 

Because the Celery container has database access and root rights, attackers could modify the database or steal confidential data from every host.

Additionally, by taking advantage of the vulnerability, an attacker with a low-privilege user account can run arbitrary code within the Celery container. 

CVE-2024-29202 – Jinja2 template injection in Ansible

In this case, attackers can run arbitrary code inside the Celery container by taking advantage of a Jinja2 template injection vulnerability in JumpServer’s Ansible. 

Because the Celery container has database access and root rights, attackers could modify the database or steal confidential data from every host.

Additionally, this vulnerability in the Celery container allows an attacker with a low-privilege user account to run arbitrary code.

Affected Versions

The vulnerabilities affected versions v3.0.0-v3.10.6

Fixed Version

This vulnerability is fixed in v3.10.7.

Hence, to avoid these critical vulnerabilities, users are advised to apply the patch as soon as feasible.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.





Source link