CVE-2024-29024
CVSS 3.1 Score 4.6 of 10 (medium)
Details
Published Mar 29, 2024
Updated: Apr 1, 2024
CWE ID 639
Summary
CVE-2024-29024 is a vulnerability affecting JumpServer, an open source bastion host and security audit system. An authenticated user can exploit an Insecure Direct Object Reference (IDOR) issue in the file manager's bulk transfer functionality. By manipulating job IDs, a user can upload malicious files, posing a risk to the system's integrity and security. This vulnerability has been resolved in version 3.10.6.