github.com/jumpserver/koko
Go
2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/jumpserver/koko
Page 1 of 1
- CVE-2023-42818 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-09-27
JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a discl…
- CVE-2023-43651 | HIGH | CVSS 8.5 | EG 8.5 | ✓ Fixed in 3.7.1 | 2023-09-27
JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root priv…
Check whether github.com/jumpserver/koko is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/jumpserver/koko CVEs against the assets you own.