CVE-2023-42818

Aliases:GO-2025-3570GHSA-jv3c-27cv-w8jv
Advisory lineage Upstream: 0 Downstream: 1
Modified
Published: 27 Sept 2023, 20:28
Last modified:25 Mar 2025, 19:28

Vulnerability Summary

Overall Risk (default)
high
70/100
CVSS Score
9.8 CRITICAL
v3.1 (nvd)
EPSS Score
0.17% LOW
0% probability +0.02%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected

Timeline

27 Sept 2023, 20:28
Published
Vulnerability first disclosed
25 Mar 2025, 19:28
Last Modified
Vulnerability information updated

Description

JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication against the SSH service This issue has been patched in versions 3.6.5 and 3.5.6. Users are advised to upgrade. There are no known workarounds for this issue.

CVSS Metrics

  • v3.1MEDIUMScore: 5.4CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
  • v3.1CRITICALScore: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.17% Percentile: 39%

Techniques & Countermeasures

  • CWE-287Improper Authentication

    When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

  • CWE-307Improper Restriction of Excessive Authentication Attempts

    The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

Affected Systems

  • fit2cloudjumpserver

    < 3.5.6 | ≥ 3.6.0, < 3.6.5

  • github.com/jumpserverjumpserver

    ≥ 3.6.0+incompatible, < 3.6.5+incompatible

  • github.com/jumpserverkoko

    all

  • jumpserverjumpserver

    ≥ 3.6.0, < 3.6.5 | < 3.5.6

References (3)