CVE-2024-29201

CVSS 3.1 Score 9.9 of 10 (high)

Details

Published Mar 29, 2024

Updated: Apr 1, 2024

CWE ID 94

Summary

CVE-2024-29201 is a newly identified vulnerability affecting JumpServer, an open-source bastion host and security audit system. The issue lies in the Ansible component of JumpServer, which has a bypassed input validation mechanism. This flaw allows attackers to inject arbitrary code into the Celery container, which runs with root privileges and has database access. The potential consequences of exploiting this vulnerability include data theft or manipulation, affecting all connected hosts. A fix for this vulnerability is available in JumpServer version 3.10.7.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vFkmXO
https://www.cve.org/CVERecord?id=CVE-2024-29201
https://nvd.nist.gov/vuln/detail/CVE-2024-29201

Back to Vulnerability Database

CVE-2024-29201

CVSS 3.1 Score 9.9 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations