[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-42818":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":916,"aliases":926,"duplicate_of":9,"upstream":929,"downstream":930,"duplicates":933,"related":934,"reserved_at":9,"published_at":936,"modified_at":937,"state":938,"summary":939,"references_raw":947,"kevs":968,"epss":969,"epss_history":972,"metrics":1234,"affected":1246},"CVE-2023-42818","JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit this vulnerability by using a disclosed public key to attempt brute-force authentication against the SSH service. This issue has been patched in versions 3.6.5 and 3.5.6. Users are advised to upgrade. There are no known workarounds for this issue.",null,[11,660],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-287","Improper Authentication","When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.","weakness","Draft","Class","High",[20,182,261,265,269,273,292,481,543,627],{"id":21,"name":22,"techniques":23},"CAPEC-114","Authentication Abuse",[24],{"id":25,"name":26,"tactics":27,"countermeasures":34},"T1548","Abuse Elevation Control Mechanism",[28,31],{"id":29,"name":30},"TA0030","Defense Evasion",{"id":32,"name":33},"TA0111","Privilege Escalation",[35,40,44,48,52,57,61,65,69,73,77,81,85,89,94,98,103,108,112,116,120,125,129,133,137,141,146,150,154,158,162,166,170,174,178],{"id":36,"name":37,"tactic":38},"D3-CI","Configuration Inventory",{"name":39},"Model",{"id":41,"name":42,"tactic":43},"D3-AM","Access Modeling",{"name":39},{"id":45,"name":46,"tactic":47},"D3-DI","Data 
Inventory",{"name":39},{"id":49,"name":50,"tactic":51},"D3-NTPM","Network Traffic Policy Mapping",{"name":39},{"id":53,"name":54,"tactic":55},"D3-AEM","Application Exception Monitoring",{"name":56},"Detect",{"id":58,"name":59,"tactic":60},"D3-SCA","System Call Analysis",{"name":56},{"id":62,"name":63,"tactic":64},"D3-SFA","System File Analysis",{"name":56},{"id":66,"name":67,"tactic":68},"D3-FA","File Analysis",{"name":56},{"id":70,"name":71,"tactic":72},"D3-FIM","File Integrity Monitoring",{"name":56},{"id":74,"name":75,"tactic":76},"D3-OPM","Operational Process Monitoring",{"name":56},{"id":78,"name":79,"tactic":80},"D3-DA","Dynamic Analysis",{"name":56},{"id":82,"name":83,"tactic":84},"D3-EFA","Emulated File Analysis",{"name":56},{"id":86,"name":87,"tactic":88},"D3-PSA","Process Spawn Analysis",{"name":56},{"id":90,"name":91,"tactic":92},"D3-FEV","File Eviction",{"name":93},"Evict",{"id":95,"name":96,"tactic":97},"D3-AL","Account Locking",{"name":93},{"id":99,"name":100,"tactic":101},"D3-DF","Decoy File",{"name":102},"Deceive",{"id":104,"name":105,"tactic":106},"D3-FE","File Encryption",{"name":107},"Harden",{"id":109,"name":110,"tactic":111},"D3-AA","Agent Authentication",{"name":107},{"id":113,"name":114,"tactic":115},"D3-CDP","Change Default Password",{"name":107},{"id":117,"name":118,"tactic":119},"D3-SCP","System Configuration Permissions",{"name":107},{"id":121,"name":122,"tactic":123},"D3-RC","Restore Configuration",{"name":124},"Restore",{"id":126,"name":127,"tactic":128},"D3-RF","Restore File",{"name":124},{"id":130,"name":131,"tactic":132},"D3-ULA","Unlock Account",{"name":124},{"id":134,"name":135,"tactic":136},"D3-RUAA","Restore User Account Access",{"name":124},{"id":138,"name":139,"tactic":140},"D3-RD","Restore Database",{"name":124},{"id":142,"name":143,"tactic":144},"D3-SCF","System Call Filtering",{"name":145},"Isolate",{"id":147,"name":148,"tactic":149},"D3-CF","Content Filtering",{"name":145},{"id":151,"name":152,"tactic":153},"D3-LFP","Local 
File Permissions",{"name":145},{"id":155,"name":156,"tactic":157},"D3-RFAM","Remote File Access Mediation",{"name":145},{"id":159,"name":160,"tactic":161},"D3-CQ","Content Quarantine",{"name":145},{"id":163,"name":164,"tactic":165},"D3-CM","Content Modification",{"name":145},{"id":167,"name":168,"tactic":169},"D3-UAP","User Account Permissions",{"name":145},{"id":171,"name":172,"tactic":173},"D3-EAL","Executable Allowlisting",{"name":145},{"id":175,"name":176,"tactic":177},"D3-EDL","Executable Denylisting",{"name":145},{"id":179,"name":180,"tactic":181},"D3-HBPI","Hardware-based Process Isolation",{"name":145},{"id":183,"name":184,"techniques":185},"CAPEC-115","Authentication Bypass",[186],{"id":25,"name":26,"tactics":187,"countermeasures":190},[188,189],{"id":29,"name":30},{"id":32,"name":33},[191,193,195,197,199,201,203,205,207,209,211,213,215,217,219,221,223,225,227,229,231,233,235,237,239,241,243,245,247,249,251,253,255,257,259],{"id":36,"name":37,"tactic":192},{"name":39},{"id":41,"name":42,"tactic":194},{"name":39},{"id":45,"name":46,"tactic":196},{"name":39},{"id":49,"name":50,"tactic":198},{"name":39},{"id":53,"name":54,"tactic":200},{"name":56},{"id":58,"name":59,"tactic":202},{"name":56},{"id":62,"name":63,"tactic":204},{"name":56},{"id":66,"name":67,"tactic":206},{"name":56},{"id":70,"name":71,"tactic":208},{"name":56},{"id":74,"name":75,"tactic":210},{"name":56},{"id":78,"name":79,"tactic":212},{"name":56},{"id":82,"name":83,"tactic":214},{"name":56},{"id":86,"name":87,"tactic":216},{"name":56},{"id":90,"name":91,"tactic":218},{"name":93},{"id":95,"name":96,"tactic":220},{"name":93},{"id":99,"name":100,"tactic":222},{"name":102},{"id":104,"name":105,"tactic":224},{"name":107},{"id":109,"name":110,"tactic":226},{"name":107},{"id":113,"name":114,"tactic":228},{"name":107},{"id":117,"name":118,"tactic":230},{"name":107},{"id":121,"name":122,"tactic":232},{"name":124},{"id":126,"name":127,"tactic":234},{"name":124},{"id":130,"name":131,"tactic":236},{"name":
124},{"id":134,"name":135,"tactic":238},{"name":124},{"id":138,"name":139,"tactic":240},{"name":124},{"id":142,"name":143,"tactic":242},{"name":145},{"id":147,"name":148,"tactic":244},{"name":145},{"id":151,"name":152,"tactic":246},{"name":145},{"id":155,"name":156,"tactic":248},{"name":145},{"id":159,"name":160,"tactic":250},{"name":145},{"id":163,"name":164,"tactic":252},{"name":145},{"id":167,"name":168,"tactic":254},{"name":145},{"id":171,"name":172,"tactic":256},{"name":145},{"id":175,"name":176,"tactic":258},{"name":145},{"id":179,"name":180,"tactic":260},{"name":145},{"id":262,"name":263,"techniques":264},"CAPEC-151","Identity Spoofing",[],{"id":266,"name":267,"techniques":268},"CAPEC-194","Fake the Source of Data",[],{"id":270,"name":271,"techniques":272},"CAPEC-22","Exploiting Trust in Client",[],{"id":274,"name":275,"techniques":276},"CAPEC-57","Utilizing REST's Trust in the System Resource to Obtain Sensitive Data",[277],{"id":278,"name":279,"tactics":280,"countermeasures":287},"T1040","Network Sniffing",[281,284],{"id":282,"name":283},"TA0031","Credential Access",{"id":285,"name":286},"TA0102","Discovery",[288],{"id":289,"name":290,"tactic":291},"D3-DNSTA","DNS Traffic Analysis",{"name":56},{"id":293,"name":294,"techniques":295},"CAPEC-593","Session Hijacking",[296,340,453],{"id":297,"name":298,"tactics":299,"countermeasures":303},"T1185","Browser Session Hijacking",[300],{"id":301,"name":302},"TA0100","Collection",[304,308,312,316,320,324,328,332,336],{"id":305,"name":306,"tactic":307},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":56},{"id":309,"name":310,"tactic":311},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":56},{"id":313,"name":314,"tactic":315},"D3-CSPP","Client-server Payload Profiling",{"name":56},{"id":317,"name":318,"tactic":319},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":56},{"id":321,"name":322,"tactic":323},"D3-NTSA","Network Traffic Signature 
Analysis",{"name":56},{"id":325,"name":326,"tactic":327},"D3-APCA","Application Protocol Command Analysis",{"name":56},{"id":329,"name":330,"tactic":331},"D3-NTCD","Network Traffic Community Deviation",{"name":56},{"id":333,"name":334,"tactic":335},"D3-RTSD","Remote Terminal Session Detection",{"name":56},{"id":337,"name":338,"tactic":339},"D3-NTF","Network Traffic Filtering",{"name":145},{"id":341,"name":342,"tactics":343,"countermeasures":348},"T1550.001","Application Access Token",[344,345],{"id":29,"name":30},{"id":346,"name":347},"TA0109","Lateral Movement",[349,353,357,359,363,365,367,369,371,373,375,377,379,383,387,391,395,399,403,407,411,415,419,423,427,431,435,437,439,443,447,451],{"id":350,"name":351,"tactic":352},"D3-PLA","Process Lineage Analysis",{"name":56},{"id":354,"name":355,"tactic":356},"D3-PSMD","Process Self-Modification Detection",{"name":56},{"id":86,"name":87,"tactic":358},{"name":56},{"id":360,"name":361,"tactic":362},"D3-CCSA","Credential Compromise Scope Analysis",{"name":56},{"id":305,"name":306,"tactic":364},{"name":56},{"id":309,"name":310,"tactic":366},{"name":56},{"id":313,"name":314,"tactic":368},{"name":56},{"id":317,"name":318,"tactic":370},{"name":56},{"id":321,"name":322,"tactic":372},{"name":56},{"id":325,"name":326,"tactic":374},{"name":56},{"id":329,"name":330,"tactic":376},{"name":56},{"id":333,"name":334,"tactic":378},{"name":56},{"id":380,"name":381,"tactic":382},"D3-PT","Process Termination",{"name":93},{"id":384,"name":385,"tactic":386},"D3-PS","Process Suspension",{"name":93},{"id":388,"name":389,"tactic":390},"D3-HR","Host Reboot",{"name":93},{"id":392,"name":393,"tactic":394},"D3-HS","Host Shutdown",{"name":93},{"id":396,"name":397,"tactic":398},"D3-CR","Credential Revocation",{"name":93},{"id":400,"name":401,"tactic":402},"D3-ANCI","Authentication Cache Invalidation",{"name":93},{"id":404,"name":405,"tactic":406},"D3-DUC","Decoy User Credential",{"name":102},{"id":408,"name":409,"tactic":410},"D3-CH","Credential 
Hardening",{"name":107},{"id":412,"name":413,"tactic":414},"D3-MFA","Multi-factor Authentication",{"name":107},{"id":416,"name":417,"tactic":418},"D3-CRO","Credential Rotation",{"name":107},{"id":420,"name":421,"tactic":422},"D3-TB","Token Binding",{"name":107},{"id":424,"name":425,"tactic":426},"D3-TBA","Token-based Authentication",{"name":107},{"id":428,"name":429,"tactic":430},"D3-RIC","Reissue Credential",{"name":124},{"id":432,"name":433,"tactic":434},"D3-KBPI","Kernel-based Process Isolation",{"name":145},{"id":142,"name":143,"tactic":436},{"name":145},{"id":179,"name":180,"tactic":438},{"name":145},{"id":440,"name":441,"tactic":442},"D3-ABPI","Application-based Process Isolation",{"name":145},{"id":444,"name":445,"tactic":446},"D3-WSAM","Web Session Access Mediation",{"name":145},{"id":448,"name":449,"tactic":450},"D3-CTS","Credential Transmission Scoping",{"name":145},{"id":337,"name":338,"tactic":452},{"name":145},{"id":454,"name":455,"tactics":456,"countermeasures":458},"T1563","Remote Service Session Hijacking",[457],{"id":346,"name":347},[459,461,463,465,467,469,471,473,475,479],{"id":305,"name":306,"tactic":460},{"name":56},{"id":309,"name":310,"tactic":462},{"name":56},{"id":313,"name":314,"tactic":464},{"name":56},{"id":317,"name":318,"tactic":466},{"name":56},{"id":321,"name":322,"tactic":468},{"name":56},{"id":325,"name":326,"tactic":470},{"name":56},{"id":329,"name":330,"tactic":472},{"name":56},{"id":333,"name":334,"tactic":474},{"name":56},{"id":476,"name":477,"tactic":478},"D3-ST","Session Termination",{"name":93},{"id":337,"name":338,"tactic":480},{"name":145},{"id":482,"name":483,"techniques":484},"CAPEC-633","Token Impersonation",[485],{"id":486,"name":487,"tactics":488,"countermeasures":494},"T1134","Access Token 
Manipulation",[489,490,493],{"id":29,"name":30},{"id":491,"name":492},"TA0005","Stealth",{"id":32,"name":33},[495,497,499,501,503,505,507,509,511,513,515,517,519,521,523,525,527,529,531,533,535,537,539,541],{"id":36,"name":37,"tactic":496},{"name":39},{"id":49,"name":50,"tactic":498},{"name":39},{"id":41,"name":42,"tactic":500},{"name":39},{"id":53,"name":54,"tactic":502},{"name":56},{"id":58,"name":59,"tactic":504},{"name":56},{"id":360,"name":361,"tactic":506},{"name":56},{"id":74,"name":75,"tactic":508},{"name":56},{"id":86,"name":87,"tactic":510},{"name":56},{"id":476,"name":477,"tactic":512},{"name":93},{"id":396,"name":397,"tactic":514},{"name":93},{"id":400,"name":401,"tactic":516},{"name":93},{"id":404,"name":405,"tactic":518},{"name":102},{"id":408,"name":409,"tactic":520},{"name":107},{"id":412,"name":413,"tactic":522},{"name":107},{"id":416,"name":417,"tactic":524},{"name":107},{"id":420,"name":421,"tactic":526},{"name":107},{"id":424,"name":425,"tactic":528},{"name":107},{"id":121,"name":122,"tactic":530},{"name":124},{"id":428,"name":429,"tactic":532},{"name":124},{"id":142,"name":143,"tactic":534},{"name":145},{"id":448,"name":449,"tactic":536},{"name":145},{"id":171,"name":172,"tactic":538},{"name":145},{"id":175,"name":176,"tactic":540},{"name":145},{"id":179,"name":180,"tactic":542},{"name":145},{"id":544,"name":545,"techniques":546},"CAPEC-650","Upload a Web Shell to a Web Server",[547],{"id":548,"name":549,"tactics":550,"countermeasures":554},"T1505.003","Web Shell",[551],{"id":552,"name":553},"TA0110","Persistence",[555,559,563,567,571,573,575,577,579,581,583,585,587,589,591,593,595,597,599,603,605,607,609,611,613,615,617,619,621,623,625],{"id":556,"name":557,"tactic":558},"D3-NNI","Network Node Inventory",{"name":39},{"id":560,"name":561,"tactic":562},"D3-PLM","Physical Link Mapping",{"name":39},{"id":564,"name":565,"tactic":566},"D3-LLM","Logical Link Mapping",{"name":39},{"id":568,"name":569,"tactic":570},"D3-EHB","Endpoint Health 
Beacon",{"name":56},{"id":66,"name":67,"tactic":572},{"name":56},{"id":70,"name":71,"tactic":574},{"name":56},{"id":78,"name":79,"tactic":576},{"name":56},{"id":82,"name":83,"tactic":578},{"name":56},{"id":350,"name":351,"tactic":580},{"name":56},{"id":354,"name":355,"tactic":582},{"name":56},{"id":86,"name":87,"tactic":584},{"name":56},{"id":90,"name":91,"tactic":586},{"name":93},{"id":380,"name":381,"tactic":588},{"name":93},{"id":384,"name":385,"tactic":590},{"name":93},{"id":388,"name":389,"tactic":592},{"name":93},{"id":392,"name":393,"tactic":594},{"name":93},{"id":99,"name":100,"tactic":596},{"name":102},{"id":104,"name":105,"tactic":598},{"name":107},{"id":600,"name":601,"tactic":602},"D3-RNA","Restore Network Access",{"name":124},{"id":126,"name":127,"tactic":604},{"name":124},{"id":147,"name":148,"tactic":606},{"name":145},{"id":151,"name":152,"tactic":608},{"name":145},{"id":155,"name":156,"tactic":610},{"name":145},{"id":159,"name":160,"tactic":612},{"name":145},{"id":163,"name":164,"tactic":614},{"name":145},{"id":171,"name":172,"tactic":616},{"name":145},{"id":175,"name":176,"tactic":618},{"name":145},{"id":432,"name":433,"tactic":620},{"name":145},{"id":142,"name":143,"tactic":622},{"name":145},{"id":179,"name":180,"tactic":624},{"name":145},{"id":440,"name":441,"tactic":626},{"name":145},{"id":628,"name":629,"techniques":630},"CAPEC-94","Adversary in the Middle 
(AiTM)",[631],{"id":632,"name":633,"tactics":634,"countermeasures":637},"T1557","Adversary-in-the-Middle",[635,636],{"id":282,"name":283},{"id":301,"name":302},[638,640,642,644,646,648,650,652,654,658],{"id":305,"name":306,"tactic":639},{"name":56},{"id":309,"name":310,"tactic":641},{"name":56},{"id":313,"name":314,"tactic":643},{"name":56},{"id":317,"name":318,"tactic":645},{"name":56},{"id":321,"name":322,"tactic":647},{"name":56},{"id":325,"name":326,"tactic":649},{"name":56},{"id":329,"name":330,"tactic":651},{"name":56},{"id":333,"name":334,"tactic":653},{"name":56},{"id":655,"name":656,"tactic":657},"D3-CAA","Connection Attempt Analysis",{"name":56},{"id":337,"name":338,"tactic":659},{"name":145},{"_key":661,"id":661,"name":662,"description":663,"type":15,"status":16,"abstraction":664,"likelihood_of_exploit":9,"capec":665},"CWE-307","Improper Restriction of Excessive Authentication Attempts","The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.","Base",[666,670,720,758,823,858,912],{"id":667,"name":668,"techniques":669},"CAPEC-16","Dictionary-based Password Attack",[],{"id":671,"name":672,"techniques":673},"CAPEC-49","Password Brute Forcing",[674],{"id":675,"name":676,"tactics":677,"countermeasures":679},"T1110.001","Password Guessing",[678],{"id":282,"name":283},[680,682,684,686,688,690,692,694,696,698,702,706,708,712,716,718],{"id":360,"name":361,"tactic":681},{"name":56},{"id":53,"name":54,"tactic":683},{"name":56},{"id":74,"name":75,"tactic":685},{"name":56},{"id":396,"name":397,"tactic":687},{"name":93},{"id":400,"name":401,"tactic":689},{"name":93},{"id":404,"name":405,"tactic":691},{"name":102},{"id":408,"name":409,"tactic":693},{"name":107},{"id":412,"name":413,"tactic":695},{"name":107},{"id":416,"name":417,"tactic":697},{"name":107},{"id":699,"name":700,"tactic":701},"D3-PR","Password Rotation",{"name":107},{"id":703,"name":704,"tactic":705},"D3-PWA","Password 
Authentication",{"name":107},{"id":113,"name":114,"tactic":707},{"name":107},{"id":709,"name":710,"tactic":711},"D3-SPP","Strong Password Policy",{"name":107},{"id":713,"name":714,"tactic":715},"D3-OTP","One-time Password",{"name":107},{"id":428,"name":429,"tactic":717},{"name":124},{"id":448,"name":449,"tactic":719},{"name":145},{"id":721,"name":722,"techniques":723},"CAPEC-560","Use of Known Domain Credentials",[724],{"id":725,"name":726,"tactics":727,"countermeasures":735},"T1078","Valid Accounts",[728,729,730,731,732],{"id":29,"name":30},{"id":491,"name":492},{"id":552,"name":553},{"id":32,"name":33},{"id":733,"name":734},"TA0108","Initial Access",[736,738,742,746,748,750,752,754,756],{"id":41,"name":42,"tactic":737},{"name":39},{"id":739,"name":740,"tactic":741},"D3-LAM","Local Account Monitoring",{"name":56},{"id":743,"name":744,"tactic":745},"D3-DAM","Domain Account Monitoring",{"name":56},{"id":95,"name":96,"tactic":747},{"name":93},{"id":109,"name":110,"tactic":749},{"name":107},{"id":113,"name":114,"tactic":751},{"name":107},{"id":130,"name":131,"tactic":753},{"name":124},{"id":134,"name":135,"tactic":755},{"name":124},{"id":167,"name":168,"tactic":757},{"name":145},{"id":759,"name":760,"techniques":761},"CAPEC-565","Password 
Spraying",[762],{"id":763,"name":760,"tactics":764,"countermeasures":766},"T1110.003",[765],{"id":282,"name":283},[767,769,771,773,775,777,779,781,783,785,787,789,791,795,797,799,801,803,805,807,809,811,813,815,817,819,821],{"id":360,"name":361,"tactic":768},{"name":56},{"id":53,"name":54,"tactic":770},{"name":56},{"id":74,"name":75,"tactic":772},{"name":56},{"id":305,"name":306,"tactic":774},{"name":56},{"id":309,"name":310,"tactic":776},{"name":56},{"id":313,"name":314,"tactic":778},{"name":56},{"id":317,"name":318,"tactic":780},{"name":56},{"id":321,"name":322,"tactic":782},{"name":56},{"id":325,"name":326,"tactic":784},{"name":56},{"id":329,"name":330,"tactic":786},{"name":56},{"id":333,"name":334,"tactic":788},{"name":56},{"id":655,"name":656,"tactic":790},{"name":56},{"id":792,"name":793,"tactic":794},"D3-ANAA","Administrative Network Activity Analysis",{"name":56},{"id":396,"name":397,"tactic":796},{"name":93},{"id":400,"name":401,"tactic":798},{"name":93},{"id":404,"name":405,"tactic":800},{"name":102},{"id":408,"name":409,"tactic":802},{"name":107},{"id":412,"name":413,"tactic":804},{"name":107},{"id":416,"name":417,"tactic":806},{"name":107},{"id":699,"name":700,"tactic":808},{"name":107},{"id":703,"name":704,"tactic":810},{"name":107},{"id":113,"name":114,"tactic":812},{"name":107},{"id":709,"name":710,"tactic":814},{"name":107},{"id":713,"name":714,"tactic":816},{"name":107},{"id":428,"name":429,"tactic":818},{"name":124},{"id":448,"name":449,"tactic":820},{"name":145},{"id":337,"name":338,"tactic":822},{"name":145},{"id":824,"name":825,"techniques":826},"CAPEC-600","Credential 
Stuffing",[827],{"id":828,"name":825,"tactics":829,"countermeasures":831},"T1110.004",[830],{"id":282,"name":283},[832,834,836,838,840,842,844,846,848,850,852,854,856],{"id":53,"name":54,"tactic":833},{"name":56},{"id":74,"name":75,"tactic":835},{"name":56},{"id":305,"name":306,"tactic":837},{"name":56},{"id":309,"name":310,"tactic":839},{"name":56},{"id":313,"name":314,"tactic":841},{"name":56},{"id":317,"name":318,"tactic":843},{"name":56},{"id":321,"name":322,"tactic":845},{"name":56},{"id":325,"name":326,"tactic":847},{"name":56},{"id":329,"name":330,"tactic":849},{"name":56},{"id":333,"name":334,"tactic":851},{"name":56},{"id":655,"name":656,"tactic":853},{"name":56},{"id":792,"name":793,"tactic":855},{"name":56},{"id":337,"name":338,"tactic":857},{"name":145},{"id":859,"name":860,"techniques":861},"CAPEC-652","Use of Known Kerberos Credentials",[862],{"id":863,"name":864,"tactics":865,"countermeasures":867},"T1558","Steal or Forge Kerberos Tickets",[866],{"id":282,"name":283},[868,870,872,874,876,878,880,882,884,886,890,892,894,896,898,900,902,904,906,908,910],{"id":305,"name":306,"tactic":869},{"name":56},{"id":309,"name":310,"tactic":871},{"name":56},{"id":313,"name":314,"tactic":873},{"name":56},{"id":317,"name":318,"tactic":875},{"name":56},{"id":321,"name":322,"tactic":877},{"name":56},{"id":325,"name":326,"tactic":879},{"name":56},{"id":329,"name":330,"tactic":881},{"name":56},{"id":333,"name":334,"tactic":883},{"name":56},{"id":360,"name":361,"tactic":885},{"name":56},{"id":887,"name":888,"tactic":889},"D3-RTA","RPC Traffic 
Analysis",{"name":56},{"id":396,"name":397,"tactic":891},{"name":93},{"id":400,"name":401,"tactic":893},{"name":93},{"id":404,"name":405,"tactic":895},{"name":102},{"id":408,"name":409,"tactic":897},{"name":107},{"id":412,"name":413,"tactic":899},{"name":107},{"id":416,"name":417,"tactic":901},{"name":107},{"id":420,"name":421,"tactic":903},{"name":107},{"id":424,"name":425,"tactic":905},{"name":107},{"id":428,"name":429,"tactic":907},{"name":124},{"id":337,"name":338,"tactic":909},{"name":145},{"id":448,"name":449,"tactic":911},{"name":145},{"id":913,"name":914,"techniques":915},"CAPEC-653","Use of Known Operating System Credentials",[],[917],{"_key":918,"name":919,"source":920,"url":921,"maturity":922,"reliability_score":923,"verified":924,"type":9,"platforms":925,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_JUMPSERVER_JUMPSERVER","Jumpserver","github","https://github.com/jumpserver/jumpserver/security/advisories/GHSA-6x5p-jm59-jh29","poc",0.3,false,[],[927,928],"GO-2025-3570","GHSA-jv3c-27cv-w8jv",[],[931],{"_key":932},"OPENSUSE-SU-2025:15225-1",[],[935],{"_key":932},"2023-09-27T20:28:30.507Z","2025-03-25T19:28:32.560Z","Modified",{"cisa_kev":924,"cisa_ransomware":924,"cisa_vendor":9,"epss_severity":940,"epss_score":941,"severity":942,"severity_score":943,"severity_version":944,"severity_source":945,"severity_vector":946,"severity_status":938},"low",0.00174,"critical",9.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[948,958,963],{"url":949,"sources":950,"tags":953},"https://github.com/jumpserver/jumpserver/security/advisories/GHSA-jv3c-27cv-w8jv",[951,945,952],"cve.org","osv_go",[954,955,956,957],"X Refsource CONFIRM","Exploit","Vendor Advisory","WEB",{"url":959,"sources":960,"tags":961},"https://www.sonarsource.com/blog/diving-into-jumpserver-attackers-gateway-to-internal-networks-1-2",[951,945,952],[962,957],"X Refsource 
MISC",{"url":964,"sources":965,"tags":966},"https://nvd.nist.gov/vuln/detail/CVE-2023-42818",[952],[967],"Advisory",[],{"date":970,"score":941,"percentile":971},"2026-06-04",0.38558,[973,977,980,983,986,989,992,995,998,1001,1004,1007,1010,1013,1015,1019,1022,1025,1027,1030,1033,1036,1039,1042,1045,1048,1051,1054,1057,1059,1062,1065,1068,1071,1074,1077,1080,1083,1086,1089,1092,1094,1097,1099,1102,1105,1108,1110,1112,1115,1118,1121,1124,1127,1130,1133,1136,1139,1141,1144,1147,1150,1153,1155,1158,1161,1164,1167,1170,1173,1176,1179,1182,1184,1187,1190,1193,1196,1199,1202,1205,1208,1211,1214,1217,1220,1223,1226,1228,1231],{"date":974,"score":975,"percentile":976},"2025-11-04",0.00156,0.36936,{"date":978,"score":975,"percentile":979},"2025-11-05",0.36925,{"date":981,"score":975,"percentile":982},"2025-11-06",0.36923,{"date":984,"score":975,"percentile":985},"2025-11-07",0.36946,{"date":987,"score":975,"percentile":988},"2025-11-08",0.36944,{"date":990,"score":975,"percentile":991},"2025-11-09",0.36929,{"date":993,"score":975,"percentile":994},"2025-11-10",0.36893,{"date":996,"score":975,"percentile":997},"2025-11-11",0.36918,{"date":999,"score":975,"percentile":1000},"2025-11-12",0.36959,{"date":1002,"score":975,"percentile":1003},"2025-11-13",0.3697,{"date":1005,"score":975,"percentile":1006},"2025-11-14",0.36972,{"date":1008,"score":975,"percentile":1009},"2025-11-15",0.36969,{"date":1011,"score":975,"percentile":1012},"2025-11-16",0.36952,{"date":1014,"score":975,"percentile":991},"2025-11-17",{"date":1016,"score":1017,"percentile":1018},"2025-11-18",0.00444,0.607,{"date":1020,"score":1017,"percentile":1021},"2025-11-19",0.60711,{"date":1023,"score":1017,"percentile":1024},"2025-11-20",0.60702,{"date":1026,"score":975,"percentile":976},"2025-11-21",{"date":1028,"score":975,"percentile":1029},"2025-11-22",0.36938,{"date":1031,"score":975,"percentile":1032},"2025-11-23",0.36905,{"date":1034,"score":975,"percentile":1035},"2025-11-24",0.36887,{"date":1037,"score":975,"per
centile":1038},"2025-11-25",0.36889,{"date":1040,"score":975,"percentile":1041},"2025-11-26",0.36885,{"date":1043,"score":975,"percentile":1044},"2025-11-27",0.36898,{"date":1046,"score":975,"percentile":1047},"2025-11-28",0.3688,{"date":1049,"score":975,"percentile":1050},"2025-11-29",0.36864,{"date":1052,"score":975,"percentile":1053},"2025-11-30",0.36848,{"date":1055,"score":975,"percentile":1056},"2025-12-01",0.36962,{"date":1058,"score":975,"percentile":1009},"2025-12-02",{"date":1060,"score":975,"percentile":1061},"2025-12-03",0.36967,{"date":1063,"score":975,"percentile":1064},"2025-12-04",0.3684,{"date":1066,"score":975,"percentile":1067},"2025-12-05",0.36876,{"date":1069,"score":975,"percentile":1070},"2025-12-06",0.36873,{"date":1072,"score":975,"percentile":1073},"2025-12-07",0.36845,{"date":1075,"score":975,"percentile":1076},"2025-12-08",0.36856,{"date":1078,"score":975,"percentile":1079},"2025-12-09",0.36895,{"date":1081,"score":975,"percentile":1082},"2025-12-10",0.36955,{"date":1084,"score":975,"percentile":1085},"2025-12-11",0.36982,{"date":1087,"score":975,"percentile":1088},"2025-12-12",0.3702,{"date":1090,"score":975,"percentile":1091},"2025-12-13",0.37001,{"date":1093,"score":975,"percentile":1009},"2025-12-14",{"date":1095,"score":975,"percentile":1096},"2025-12-15",0.36935,{"date":1098,"score":975,"percentile":1056},"2025-12-16",{"date":1100,"score":975,"percentile":1101},"2025-12-17",0.37009,{"date":1103,"score":975,"percentile":1104},"2025-12-18",0.37055,{"date":1106,"score":975,"percentile":1107},"2025-12-19",0.37073,{"date":1109,"score":975,"percentile":1104},"2025-12-20",{"date":1111,"score":975,"percentile":1091},"2025-12-21",{"date":1113,"score":975,"percentile":1114},"2025-12-22",0.36979,{"date":1116,"score":975,"percentile":1117},"2025-12-23",0.36976,{"date":1119,"score":975,"percentile":1120},"2025-12-24",0.36991,{"date":1122,"score":975,"percentile":1123},"2025-12-25",0.3705,{"date":1125,"score":975,"percentile":1126},"2025-12-26",0
.3703,{"date":1128,"score":975,"percentile":1129},"2025-12-27",0.37052,{"date":1131,"score":975,"percentile":1132},"2025-12-28",0.3695,{"date":1134,"score":975,"percentile":1135},"2025-12-29",0.36926,{"date":1137,"score":975,"percentile":1138},"2025-12-30",0.36917,{"date":1140,"score":975,"percentile":1114},"2025-12-31",{"date":1142,"score":975,"percentile":1143},"2026-01-01",0.37127,{"date":1145,"score":975,"percentile":1146},"2026-01-02",0.371,{"date":1148,"score":975,"percentile":1149},"2026-01-03",0.37087,{"date":1151,"score":975,"percentile":1152},"2026-01-04",0.36924,{"date":1154,"score":975,"percentile":1032},"2026-01-05",{"date":1156,"score":975,"percentile":1157},"2026-01-06",0.36914,{"date":1159,"score":975,"percentile":1160},"2026-01-07",0.36942,{"date":1162,"score":975,"percentile":1163},"2026-01-08",0.36966,{"date":1165,"score":975,"percentile":1166},"2026-01-09",0.36958,{"date":1168,"score":975,"percentile":1169},"2026-01-10",0.36963,{"date":1171,"score":975,"percentile":1172},"2026-01-11",0.36937,{"date":1174,"score":975,"percentile":1175},"2026-01-12",0.36886,{"date":1177,"score":975,"percentile":1178},"2026-01-13",0.36862,{"date":1180,"score":975,"percentile":1181},"2026-01-14",0.36913,{"date":1183,"score":975,"percentile":1044},"2026-01-15",{"date":1185,"score":975,"percentile":1186},"2026-01-16",0.36921,{"date":1188,"score":975,"percentile":1189},"2026-01-17",0.36902,{"date":1191,"score":975,"percentile":1192},"2026-01-18",0.36843,{"date":1194,"score":975,"percentile":1195},"2026-01-19",0.36792,{"date":1197,"score":975,"percentile":1198},"2026-01-20",0.36771,{"date":1200,"score":975,"percentile":1201},"2026-01-21",0.36747,{"date":1203,"score":975,"percentile":1204},"2026-01-22",0.36734,{"date":1206,"score":975,"percentile":1207},"2026-01-23",0.36795,{"date":1209,"score":975,"percentile":1210},"2026-01-24",0.36799,{"date":1212,"score":975,"percentile":1213},"2026-01-25",0.36739,{"date":1215,"score":975,"percentile":1216},"2026-01-26",0.36673,{"date
":1218,"score":975,"percentile":1219},"2026-01-27",0.36667,{"date":1221,"score":975,"percentile":1222},"2026-01-28",0.36653,{"date":1224,"score":975,"percentile":1225},"2026-01-29",0.3663,{"date":1227,"score":975,"percentile":1225},"2026-01-30",{"date":1229,"score":975,"percentile":1230},"2026-01-31",0.36632,{"date":1232,"score":975,"percentile":1233},"2026-02-01",0.36737,[1235,1242],{"source":951,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":1236,"cvss_v4_0":9},{"baseScore":1237,"baseSeverity":1238,"vectorString":1239,"impactScore":1240,"exploitabilityScore":1241},5.4,"MEDIUM","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",4.2,7.2,{"source":945,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":1243,"cvss_v4_0":9},{"baseScore":943,"baseSeverity":1244,"vectorString":946,"impactScore":943,"exploitabilityScore":1245},"CRITICAL",10,[1247,1263,1274,1280],{"ecosystem":9,"name":1248,"vendor":1249,"product":1248,"cpe_part":1250,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1251},"jumpserver","fit2cloud","a",[1252,1258],{"version":1253,"is_range":1254,"range_type":1255,"version_start":9,"version_start_type":9,"version_end":1256,"version_end_type":1257,"fixed_in":9},"lt3.5.6",true,"cpe","3.5.6","excluding",{"version":1259,"is_range":1254,"range_type":1255,"version_start":1260,"version_start_type":1261,"version_end":1262,"version_end_type":1257,"fixed_in":9},"gte3.6.0_lt3.6.5","3.6.0","including","3.6.5",{"ecosystem":1264,"name":1265,"vendor":1266,"product":1248,"cpe_part":9,"purl_type":1267,"purl_namespace":1266,"purl_name":1248,"source":9,"versions":1268},"Go","github.com/jumpserver/jumpserver","github.com/jumpserver","golang",[1269],{"version":1270,"is_range":1254,"range_type":1271,"version_start":1272,"version_start_type":1261,"version_end":1273,"version_end_type":1257,"fixed_in":9},"gte3_6_0+incompatible_lt3_6_5+incompatible","semver","3.6.0+incompatible","3.6.5+incompatible",{"ecosystem":1264,"name":1275,"vendor":1266,"product":1276,"cpe_part":9,"purl_type":1267,"
purl_namespace":1266,"purl_name":1276,"source":9,"versions":1277},"github.com/jumpserver/koko","koko",[1278],{"version":1279,"is_range":1254,"range_type":1271,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all",{"ecosystem":9,"name":1248,"vendor":1248,"product":1248,"cpe_part":1250,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1281},[1282,1284],{"version":1283,"is_range":1254,"range_type":951,"version_start":1260,"version_start_type":1261,"version_end":1262,"version_end_type":1257,"fixed_in":9},">= 3.6.0, \u003C 3.6.5",{"version":1285,"is_range":1254,"range_type":951,"version_start":9,"version_start_type":9,"version_end":1256,"version_end_type":1257,"fixed_in":9},"\u003C 3.5.6"]