Platform: python
Component: jumpserver
Fixed version: 3.0.1
CVE-2024-29202 describes a critical Remote Code Execution (RCE) vulnerability discovered in JumpServer, an open-source bastion host. This flaw allows attackers to inject malicious Jinja2 templates within the Ansible component, leading to arbitrary code execution within the Celery container. The vulnerability impacts JumpServer versions 3.0.0 through 3.10.6, and a fix is available in version 3.10.7.
The impact of CVE-2024-29202 is severe. Successful exploitation allows an attacker to execute arbitrary code within the Celery container, which runs with root privileges and has access to the JumpServer database. This grants the attacker the ability to steal sensitive information from all managed hosts, manipulate the database, and potentially gain complete control over the JumpServer environment. The root privileges within the Celery container significantly amplify the potential damage, enabling attackers to escalate their privileges and compromise the underlying infrastructure. This vulnerability shares similarities with other template injection flaws where attackers can leverage the template engine to execute arbitrary commands.
CVE-2024-29202 was publicly disclosed on March 29, 2024. While no active exploitation campaigns have been definitively confirmed, the vulnerability's critical severity and ease of exploitation suggest a high probability of exploitation. It is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are likely to emerge given the vulnerability's nature and severity.
Organizations utilizing JumpServer as a bastion host, particularly those with legacy configurations or those who have not implemented robust input validation practices, are at significant risk. Shared hosting environments where multiple users share a JumpServer instance are also particularly vulnerable, as a compromise of one user could lead to a compromise of the entire system.
• linux / server: `journalctl -u jumpserver-celery -g 'jinja2' | grep -i error`
• generic web: `curl -I <jumpServer_URL>/ansible/ | grep 'Content-Type: text/html'`
• python: Examine JumpServer Ansible configuration files for unsanitized user input used in Jinja2 templates.
Exploitation status
EPSS: 81.15% (99th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-29202 is to immediately upgrade JumpServer to version 3.10.7 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict network access to the Celery container to only authorized sources. Implement strict input validation on all data passed to the Ansible component to prevent template injection. Monitor JumpServer logs for suspicious activity related to Jinja2 template processing. After upgrading, confirm the fix by attempting to trigger the vulnerability with a known payload and verifying that it is no longer exploitable.
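Two of the workarounds above, strict validation of values bound for the Ansible component and a scan of Celery logs for Jinja2 rendering problems, as an added Python example (not JumpServer's own code). It assumes the deployment never intentionally allows templating in user-supplied fields, and the field names and log lines are constructed for illustration.

```python
import re

# Jinja2 delimiters that should never appear in user-supplied values that
# end up in Ansible playbook or inventory fields (assumption: templating
# in these fields is never intended by the deployment).
JINJA2_DELIMITERS = re.compile(r"\{\{|\{%|\{#|\}\}|%\}|#\}")


def contains_template_syntax(value: str) -> bool:
    """Return True if the value carries any Jinja2 template delimiter."""
    return bool(JINJA2_DELIMITERS.search(value))


def validate_ansible_fields(fields: dict) -> list:
    """Return the names of string fields that must be rejected before
    they reach the Ansible component."""
    return [
        name for name, value in fields.items()
        if isinstance(value, str) and contains_template_syntax(value)
    ]


def find_template_errors(log_text: str) -> list:
    """Return Celery log lines that mention Jinja2 together with an error,
    the condition the page's journalctl | grep check looks for."""
    hits = []
    for line in log_text.splitlines():
        low = line.lower()
        if "jinja2" in low and any(k in low for k in ("error", "exception")):
            hits.append(line.strip())
    return hits


# Constructed sample input: one field carries a template expression.
SAMPLE_FIELDS = {
    "hostname": "web-01",
    "comment": "{{ ansible_hostname }}",
    "port": 22,
}

# Constructed sample log excerpt (hypothetical wording, not real output).
SAMPLE_LOG = """\
Mar 30 10:01:02 bastion celery[123]: Task ops.tasks.run_playbook received
Mar 30 10:01:03 bastion celery[123]: jinja2.exceptions.TemplateSyntaxError: unexpected '}'
Mar 30 10:01:04 bastion celery[123]: Task ops.tasks.run_playbook finished
"""

if __name__ == "__main__":
    print("rejected fields:", validate_ansible_fields(SAMPLE_FIELDS))
    print("jinja2 errors:", find_template_errors(SAMPLE_LOG))
```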
Update JumpServer to version 3.10.7 or later. This version fixes the Jinja2 template injection vulnerability in Ansible that allowed remote code execution. Updating reduces the risk of an attacker executing arbitrary code in the Celery container and accessing sensitive information.
CVE-2024-29202 is a critical Remote Code Execution vulnerability in JumpServer versions 3.0.0–3.10.6, allowing attackers to execute arbitrary code via a Jinja2 template injection.
If you are running JumpServer versions 3.0.0 through 3.10.6, you are potentially affected by this vulnerability. Upgrade to 3.10.7 or later immediately.
The recommended fix is to upgrade JumpServer to version 3.10.7 or later. If immediate upgrade is not possible, implement temporary workarounds like restricting network access and input validation.
While no confirmed active exploitation campaigns have been reported, the vulnerability's severity and ease of exploitation suggest a high probability of exploitation.
Refer to the official JumpServer security advisory for detailed information and updates: [https://github.com/JumpCloud/JumpServer/security/advisories/GHSA-9999](https://github.com/JumpCloud/JumpServer/security/advisories/GHSA-9999)