The critical vulnerabilities in JumpServer’s Ansible that allowed attackersto execute arbitrary remote code have been patched.
With a CVSS base score of 10, the critical vulnerabilities identified as CVE-2024-29201 and CVE-2024-29202 impact versions v3.0.0-v3.10.6.
A jump server is an intermediary device that uses a supervised secure channel to route traffic across firewalls.
It is often most advantageous to large and small enterprises since it provides more visibility and control over internal servers and domains, as well as the ability to stratify security zones for increasedbreach prevention.
CVE-2024-29201– Insecure Ansible Playbook Validation
According to GitHub reports, the vulnerability arises from bypassing input validation in the Ansible module of JumpServer.
Document
Run Free ThreatScan on Your Mailbox
AI-Powered Protection for Business Email Security
Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .
Attackers can run arbitrary code within the Celery container by evading JumpServer’s Ansible input validation mechanism.
Because the Celery container has database access and root rights, attackers could modify the database or steal confidential data from every host.
Additionally, by taking advantage of the vulnerability, an attacker with a low-privilege user account can run arbitrary code within the Celery container.
CVE-2024-29202 – Jinja2 template injection in Ansible
In this case, attackers can run arbitrary code inside the Celery container by taking advantage of a Jinja2 template injection vulnerability in JumpServer’s Ansible.
Because the Celery container has database access and root rights, attackers could modify the database or steal confidential data from every host.
Additionally, this vulnerability in the Celery container allows an attacker with a low-privilege user account to run arbitrary code.
Affected Versions
The vulnerabilities affected versions v3.0.0-v3.10.6
Fixed Version
This vulnerability is fixed in v3.10.7.
Hence, to avoid these critical vulnerabilities, users are advised to apply the patch as soon as feasible.
