github.com/jumpserver/koko (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/jumpserver/koko, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2023-43651 — CVSS 8.5 (high): JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary…
CVE-2023-42818 — CVSS 5.4 (medium): JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not…