JumpServer Critical Flaws Let Attackers Execute Arbitrary Remote Code
The critical vulnerabilities in JumpServer’s Ansible that allowed attackers to execute arbitrary remote code have been patched.
With a CVSS base score of 10, the critical vulnerabilities identified as CVE-2024-29201 and CVE-2024-29202 impact versions v3.0.0-v3.10.6.
A jump server is an intermediary device that uses a supervised secure channel to route traffic across firewalls.
It is often most advantageous to large and small enterprises since it provides more visibility and control over internal servers and domains, as well as the ability to stratify security zones for increased breach prevention.
CVE-2024-29201– Insecure Ansible Playbook Validation
According to GitHub reports, the vulnerability arises from bypassing input validation in the Ansible module of JumpServer.
Attackers can run arbitrary code within the Celery container by evading JumpServer’s Ansible input validation mechanism.
Because the Celery container has database access and root rights, attackers could modify the database or steal confidential data from every host.
Additionally, by taking advantage of the vulnerability, an attacker with a low-privilege user account can run arbitrary code within the Celery container.
CVE-2024-29202 – Jinja2 template injection in Ansible
In this case, attackers can run arbitrary code inside the Celery container by taking advantage of a Jinja2 template injection vulnerability in JumpServer’s Ansible.
Because the Celery container has database access and root rights, attackers could modify the database or steal confidential data from every host.
Additionally, this vulnerability in the Celery container allows an attacker with a low-privilege user account to run arbitrary code.
Affected Versions
The vulnerabilities affected versions v3.0.0-v3.10.6
Fixed Version
This vulnerability is fixed in v3.10.7.
Hence, to avoid these critical vulnerabilities, users are advised to apply the patch as soon as feasible.
Source: https://bit.ly/3uS5LZ2