| |
Vulnerability CVE-2023-28110
Published: 2023-03-16
| Description: |
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the execution of dangerous commands that may disrupt the Koko container environment and affect normal usage. The vulnerability has been fixed in v2.28.8. |
Type:
CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection'))
References: |
https://github.com/jumpserver/jumpserver/security/advisories/GHSA-6x5p-jm59-jh29
https://github.com/jumpserver/jumpserver/releases/tag/v2.28.8
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
