Every CVE whose affected-product data names Fit2cloud Jumpserver, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (24)
CVE-2024-40629 — CVSS 10.0 (critical): JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to…
CVE-2024-40628 — CVSS 10.0 (critical): JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to…
CVE-2024-29202 — CVSS 9.9 (critical): JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template…
CVE-2024-29201 — CVSS 9.9 (critical): JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input validation…
CVE-2023-48193 — CVSS 9.8 (critical): Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command…
CVE-2025-62712 — CVSS 9.6 (critical): JumpServer is an open source bastion host and an operation and maintenance security audit system. In JumpServer versions prior to…
CVE-2023-42819 — CVSS 8.9 (high): JumpServer is an open source bastion host. Logged-in users can access and modify the contents of any file on the system. A user can use the…
CVE-2023-43651 — CVSS 8.5 (high): JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary…
CVE-2023-42442 — CVSS 8.2 (high): JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and…
CVE-2023-43650 — CVSS 8.2 (high): JumpServer is an open source bastion host. The verification code for resetting user's password is vulnerable to brute-force attacks due to…
CVE-2023-43652 — CVSS 8.2 (high): JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and…
CVE-2025-62795 — CVSS 7.1 (high): JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.21-lts and v4.10.12-lts, a…
CVE-2023-42820 — CVSS 7.0 (high): JumpServer is an open source bastion host. This vulnerability is due to exposing the random number seed to the API, potentially allowing…
CVE-2026-31864 — CVSS 6.8 (medium): JumpServer is an open source bastion host and an operation and maintenance security audit system. a Server-Side Template Injection (SSTI)…
CVE-2025-58044 — CVSS 6.1 (medium): JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, The…
CVE-2023-28110 — CVSS 5.7 (medium): Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's…
CVE-2023-42818 — CVSS 5.4 (medium): JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not…
CVE-2023-46123 — CVSS 5.3 (medium): jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A…
CVE-2026-31798 — CVSS 5.0 (medium): JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts, JumpServer…
CVE-2024-29024 — CVSS 4.6 (medium): JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the…
CVE-2024-29020 — CVSS 4.6 (medium): JumpServer is an open source bastion host and an operation and maintenance security audit system. An authorized attacker can obtain…
CVE-2024-24763 — CVSS 4.3 (medium): JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to version 3.10.0, attackers can…
CVE-2025-27095 — CVSS 4.3 (medium): JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to 4.8.0 and 3.10.18, an attacker…
CVE-2023-46138 — CVSS 3.7 (low): JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version…