CVE-2023-42442
CVE-2023-42442 is a high-severity vulnerability in Fit2cloud Jumpserver with a CVSS 3.x base score of 8.2. Its EPSS exploit-prediction score of 56% places it in the 99th percentile, indicating an elevated likelihood of exploitation. The underlying weakness is classified as CWE-287.
Key facts
- Severity: High (CVSS 3.x base score 8.2)
- EPSS exploit prediction: 56% (99th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-287
- Affected product: Fit2cloud Jumpserver
- Published:
- Last modified:
Description
JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The api `/api/v1/terminal/sessions/` permission control is broken and can be accessed anonymously. SessionViewSet permission classes set to `[RBACPermission | IsSessionAssignee]`, relation is or, so any permission matched will be allowed. Versions 3.5.5 and 3.6.4 have a fix. After upgrading, visit the api `$HOST/api/v1/terminal/sessions/?limit=1`. The expected http response code is 401 (`not_authenticated`).
Frequently asked questions
- What is CVE-2023-42442?
- JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The api `/api/v1/terminal/sessions/` permission control is broken and can be accessed anonymously. SessionViewSet permission classes set to `[RBACPermission | IsSessionAssignee]`, relation is or, so any permission matched will be allowed. Versions 3.5.5 and 3.6.4 have a fix. After upgrading, visit the api `$HOST/api/v1/terminal/sessions/?limit=1`. The expected http response code is 401 (`not_authenticated`).
- How severe is CVE-2023-42442?
- CVE-2023-42442 has a CVSS 3.x base score of 8.2, rated high severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity low, and availability high.
- Is CVE-2023-42442 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 56% (99th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2023-42442?
- CVE-2023-42442 affects Fit2cloud Jumpserver. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2023-42442?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2023-42442 published?
- CVE-2023-42442 was published on 2023-09-15 and last updated on 2026-06-17.
References
- https://github.com/jumpserver/jumpserver/blob/v3.6.1/apps/terminal/api/session/session.py#L91
- https://github.com/jumpserver/jumpserver/commit/0a58bba59cd275bab8e0ae58bf4b359fbc5eb74a
- https://github.com/jumpserver/jumpserver/security/advisories/GHSA-633x-3f4f-v9rw
Affected products (1)
- cpe:2.3:a:fit2cloud:jumpserver:*:*:*:*:*:*:*:*
More vulnerabilities in Fit2cloud Jumpserver
- CVE-2024-40629 — Critical (CVSS 10.0): JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand…
- CVE-2024-40628 — Critical (CVSS 10.0): JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand…
- CVE-2024-29202 — Critical (CVSS 9.9): JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit…
- CVE-2024-29201 — Critical (CVSS 9.9): JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass…
- CVE-2023-48193 — Critical (CVSS 9.8): Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via…
- CVE-2025-62712 — Critical (CVSS 9.6): JumpServer is an open source bastion host and an operation and maintenance security audit system. In JumpServer…
All CVEs affecting Fit2cloud Jumpserver →
Other CWE-287 (Improper Authentication) vulnerabilities
- CVE-2026-45480 — Critical (CVSS 10.0): Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network.
- CVE-2026-46389 — Critical (CVSS 10.0): UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS…
- CVE-2026-10611 — Critical (CVSS 10.0): An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement.…
- CVE-2026-47280 — Critical (CVSS 10.0): Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a…
- CVE-2026-42822 — Critical (CVSS 10.0): Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges…
- CVE-2026-20182 — Critical (CVSS 10.0): May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and…
Browse all CWE-287 (Improper Authentication) vulnerabilities →