GCVE - cpe:2.3:a:fit2cloud:jumpserver:3.8.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:fit2cloud:jumpserver:3.8.0:*:*:*:*:*:*:*

part: a version: 3.8.0 update: *

Vendor	Fit2Cloud (`c8671a2b-c20a-5faf-aa4d-02770d5e105b`)
Product	Jumpserver (`bd714f7d-eb71-56d6-84ca-ef6d586befa8`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:gitee/jumpserver/jumpserver`	purl2cpe	2026-06-01 10:12:27.574079
`pkg:golang/github.com/jumpserver/jumpserver`	purl2cpe	2026-06-01 10:12:27.574080
`pkg:pypi/jumpserver-sync2`	purl2cpe	2026-06-01 10:12:27.574081

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-48193`	vulnerable	2026-06-08 06:14:26.122804	Details available Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. NOTE: this is disputed because command filtering is not intended to restrict what code can be run by authorized users who are allowed to execute files. Published: 2023-11-28T00:00:00.000Z Updated: 2024-08-02T21:23:39.268Z Open on db.gcve.eu Reference links https://github.com/jumpserver/jumpserver http://jumpserver.com https://github.com/296430468/lcc_test/blob/main/jumpserver_BUG.md https://blog.fit2cloud.com/?p=8cf83cd9-c23b-4625-9350-38926fb7f88e https://github.com/jumpserver/jumpserver/issues/13394	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.