CVE-2024-24763

CVSS V2 None CVSS V3 None

Description

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to version 3.10.0, attackers can exploit this vulnerability to construct malicious links, leading users to click on them, thereby facilitating phishing attacks or cross-site scripting attacks. Version 3.10.0 contains a patch for this issue. No known workarounds are available.

Overview

CVE ID
CVE-2024-24763

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2024-02-20T17:35:08.825Z

Last Modified Date
2024-06-04T17:43:21.712Z

Weakness Enumerations

CWE	URL
CWE-601	http://cwe.mitre.org/data/definitions/601.html

References

Reference URL	Reference Tags
https://github.com/jumpserver/jumpserver/security/advisories/GHSA-p2mq-cm25-g4m5	x_refsource_CONFIRM
https://github.com/jumpserver/jumpserver/releases/tag/v3.10.0	x_refsource_MISC

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-24763
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24763

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 04:16:38				Added to TrackCVE