admin/wy876_POC
1
0
Fork 0
mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create JumpServer未授权漏洞.md

Browse Source
This commit is contained in:
wy876 2023-09-26 12:38:13 +08:00 committed by GitHub
parent 9132a63d07
commit 28089bf018
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
JumpServer未授权漏洞.md Normal file
View File

@ -0,0 +1,14 @@
## CVE-2023-42442
## 影响版本
3.0.0 <= JumpServer <= 3.5.4
3.6.0 <= JumpServer <= 3.6.3
## POC
JumpServer 是一款开源的堡垒机。 在JumpServer受影响版本中由于/api/v1/terminal/sessions/接口没有添加权限认证,未授权的攻击者可以通过访问/api/v1/terminal/sessions/?limit=1获取堡垒机terminal的session信息
```
/api/v1/terminal/sessions/?limit=1
```