Home > Vulnerability Database > CVE-2023-46123

Mend.io Vulnerability Database

CVE-2023-46123

Date: October 24, 2023

jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability, attackers can effectively make unlimited password attempts by altering their apparent IP address for each request. This vulnerability has been patched in version 3.8.0.

Language: Python

Severity Score

5.3

Related Resources (5)

Url: https://github.com/jumpserver/jumpserver/security/advisories/GHSA-hvw4-766m-p89f

Url: https://www.sonarsource.com/blog/diving-into-jumpserver-attackers-gateway-to-internal-networks-1-2

Url: https://github.com/jumpserver/jumpserver/releases/tag/v3.8.0

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-46123

Url: https://www.mend.io/vulnerability-database/CVE-2023-46123

Severity Score

5.3

Weakness Type (CWE)

Improper Restriction of Excessive Authentication Attempts

CWE-307

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-46123

Date: October 24, 2023

Language: Python

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?