FIT2CLOUD JumpServer 3.0.0
cpe:2.3:a:fit2cloud:jumpserver:3.0.0:*:*:*:*:*:*:*
part: a version: 3.0.0 update: *
| Vendor | Fit2Cloud (c8671a2b-c20a-5faf-aa4d-02770d5e105b) |
|---|---|
| Product | Jumpserver (bd714f7d-eb71-56d6-84ca-ef6d586befa8) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:gitee/jumpserver/jumpserver | purl2cpe | 2026-06-01 10:12:27.573844 |
| pkg:golang/github.com/jumpserver/jumpserver | purl2cpe | 2026-06-01 10:12:27.573846 |
| pkg:pypi/jumpserver-sync2 | purl2cpe | 2026-06-01 10:12:27.573847 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2024-29202 | vulnerable | 2026-06-08 06:33:28.966416 | JumpServer vulnerable to Jinja2 template injection in Ansible leads to RCE in Celery. CRITICAL (10). JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has database access, attackers could steal sensitive information from all hosts or manipulate the database. This vulnerability is fixed in v3.10.7. Published: 2024-03-29T14:57:43.606Z. Updated: 2025-03-25T19:57:03.512Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-29201 | vulnerable | 2026-06-08 06:33:28.965593 | JumpServer's insecure Ansible playbook validation leads to RCE in Celery. CRITICAL (10). JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input validation mechanism in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has database access, attackers could steal sensitive information from all hosts or manipulate the database. This vulnerability is fixed in v3.10.7. Published: 2024-03-29T14:57:40.323Z. Updated: 2025-03-25T19:38:50.208Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-29024 | vulnerable | 2026-06-08 06:33:28.416980 | JumpServer Direct Object Reference (IDOR) Vulnerability in File Manager Bulk Transfer Functionality. MEDIUM (4.6). JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files, potentially compromising the integrity and security of the system. This vulnerability is fixed in v3.10.6. Published: 2024-03-29T14:45:56.377Z. Updated: 2024-08-02T01:03:51.546Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-29020 | vulnerable | 2026-06-08 06:33:28.409896 | JumpServer allows an authorized attacker to get sensitive information in playbook files when playbook_id is leaked. MEDIUM (4.6). JumpServer is an open source bastion host and an operation and maintenance security audit system. An authorized attacker can obtain sensitive information contained within playbook files if they manage to learn the playbook_id of another user. This breach of confidentiality can lead to information disclosure and exposing sensitive data. This vulnerability is fixed in v3.10.6. Published: 2024-03-29T14:46:00.417Z. Updated: 2024-08-02T01:03:51.654Z | Imported from gcve-enriched-dumps CVE data |