CVE-2024-26653
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Apr 1, 2024
Updated: Jan 14, 2025
CWE ID 415
Summary
CVE-2024-29024 is a newly disclosed vulnerability affecting JumpServer, an open-source bastion host and security audit system. The issue is an Insecure Direct Object Reference (IDOR) weakness in the file manager's bulk transfer functionality. By manipulating job IDs, authenticated users can upload malicious files, which puts the system's integrity and security at risk. The vulnerability has been addressed in version 3.10.6, so users should update their installations accordingly.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX