CVE-2023-42818

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Sep 27, 2023

Updated: Oct 2, 2023

CWE ID 287

CWE ID 307

Summary

CVE-2023-42818 affects JumpServer, an open-source bastion host. When Multi-Factor Authentication (MFA) is enabled and users authenticate using a public key, the Koko SSH server fails to verify the corresponding private key. This vulnerability enables an attacker to attempt brute-force attacks against the SSH service using a disclosed public key. The issue has been resolved in versions 3.6.5 and 3.5.6. It is strongly recommended that users upgrade as soon as possible, as there are currently no known workarounds.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Fit2cloud Jumpserver

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sr758_
https://www.cve.org/CVERecord?id=CVE-2023-42818
https://nvd.nist.gov/vuln/detail/CVE-2023-42818

Back to Vulnerability Database

CVE-2023-42818

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations