[Vulnerability Advisory] JumpServer Remote Command Execution Vulnerability

Published: 2021-01-15

0x00 Vulnerability Overview

CVE ID:

Time: 2021-01-15

Type: Command execution

Severity: High

Remotely exploitable: Yes

Affected scope:

0x01 Vulnerability Details


JumpServer is the world's first open-source bastion host (jump server). It is developed in Python/Django, released under the GNU GPL v2.0 open-source license, and is a professional operations audit system that meets the 4A requirements. In addition, JumpServer follows the Web 2.0 specification and ships an industry-leading Web Terminal solution with an attractive interactive interface and a good user experience.

On January 15, 2021, JumpServer published a security update that fixes a remote command execution vulnerability in JumpServer.

The vulnerability is caused by certain JumpServer interfaces lacking authorization checks. An attacker can obtain sensitive information by sending crafted requests, or use API operations to control all of the hosts managed by the instance, execute arbitrary commands, and so on.


Affected versions:

JumpServer < v2.6.2

JumpServer < v2.5.4

JumpServer < v2.4.5

JumpServer = v1.5.9


0x02 Remediation

The vulnerability has been fixed; upgrading to the following versions is recommended:

JumpServer >= v2.6.2

JumpServer >= v2.5.4

JumpServer >= v2.4.5


Download link:

https://github.com/jumpserver/jumpserver/releases


Temporary mitigation:

Modify the Nginx configuration file to block the vulnerable endpoints:

/api/v1/authentication/connection-token/

/api/v1/users/connection-token/


Nginx configuration file location:

Community edition, older versions:

/etc/nginx/conf.d/jumpserver.conf

Enterprise edition, older versions:

jumpserver-release/nginx/http_server.conf

Newer versions:

jumpserver-release/compose/config_static/http_server.conf


Example Nginx configuration changes:

2.X:

### Before the /api block:
location /api/v1/authentication/connection-token/ {
   return 403;
}

location /api/v1/users/connection-token/ {
   return 403;
}
### Add the blocks above

location /api/ {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://core:8080;
}

...

1.5.X:

### Before the / block:
location /api/v1/authentication/connection-token/ {
   return 403;
}

location /api/v1/users/connection-token/ {
   return 403;
}
### Add the blocks above

location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://core:8080;
}

...

After making the changes, restart nginx:

docker:

docker restart jms_nginx

nginx:

systemctl restart nginx
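To see why the temporary mitigation above works, and to check it on a deployment, here is an added Python example; it is not part of the advisory or of the JumpServer project. It parses the location blocks from a constructed config fragment shaped like the 2.X example, applies nginx's location-selection rules to a set of constructed sample request paths, and includes a check_live() helper that queries an assumed base URL of your own instance and reports the HTTP status of the two blocked endpoints. The config text, the sample paths, the REORDERED_CONF variant and the base URL are constructed or assumed here, not taken from the page.

```python
"""Added example (not from the advisory or JumpServer): simulate nginx
location selection for the temporary mitigation and check a live instance.
The config fragments, sample paths and base URL are constructed/assumed."""
import re
from urllib.error import HTTPError
from urllib.parse import unquote
from urllib.request import Request, urlopen

# Constructed config fragment in the shape of the advisory's 2.X example.
MITIGATED_CONF = """
location /api/v1/authentication/connection-token/ {
   return 403;
}
location /api/v1/users/connection-token/ {
   return 403;
}
location /api/ {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_pass http://core:8080;
}
location / {
    proxy_pass http://core:8080;
}
"""

# Constructed variant with the generic /api/ block placed first, to show
# that the order of prefix locations does not change nginx's choice.
REORDERED_CONF = """
location /api/ { proxy_pass http://core:8080; }
location /api/v1/authentication/connection-token/ { return 403; }
location /api/v1/users/connection-token/ { return 403; }
"""

# The two endpoints the advisory tells administrators to block.
BLOCKED_ENDPOINTS = (
    "/api/v1/authentication/connection-token/",
    "/api/v1/users/connection-token/",
)

# Matches "location [modifier] pattern { body }" for flat, non-nested blocks.
LOCATION_RE = re.compile(r"location\s+(=|\^~|~\*|~)?\s*(\S+)\s*\{(.*?)\}", re.S)


def parse_locations(conf):
    """Return [(modifier, pattern, action)] in file order; action is the
    status code string of a 'return NNN' block, or 'proxy' otherwise."""
    locs = []
    for mod, pattern, body in LOCATION_RE.findall(conf):
        m = re.search(r"return\s+(\d{3})", body)
        locs.append((mod or "", pattern, m.group(1) if m else "proxy"))
    return locs


def normalize(path):
    """Approximate nginx's URI normalization before location matching:
    drop the query string, percent-decode, merge repeated slashes."""
    path = unquote(path.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path)


def select_location(locs, path):
    """nginx order: exact '=' match; else longest prefix ('^~' wins outright);
    else the first matching regex location in file order; else longest prefix."""
    uri = normalize(path)
    best = None
    for loc in locs:
        mod, pattern, _ = loc
        if mod == "=" and uri == pattern:
            return loc
        if mod in ("", "^~") and uri.startswith(pattern):
            if best is None or len(pattern) > len(best[1]):
                best = loc
    if best is not None and best[0] == "^~":
        return best
    for loc in locs:
        mod, pattern, _ = loc
        if mod in ("~", "~*") and re.search(pattern, uri, re.I if mod == "~*" else 0):
            return loc
    return best


def blocked_paths(conf, paths):
    """Map each request path to True when the selected location returns 403."""
    locs = parse_locations(conf)
    result = {}
    for p in paths:
        loc = select_location(locs, p)
        result[p] = loc is not None and loc[2] == "403"
    return result


def check_live(base_url, timeout=5):
    """Defender's check against your own instance (base_url is assumed):
    return {endpoint: HTTP status}; 403 for both means the block is active."""
    statuses = {}
    for p in BLOCKED_ENDPOINTS:
        try:
            with urlopen(Request(base_url.rstrip("/") + p), timeout=timeout) as resp:
                statuses[p] = resp.status
        except HTTPError as err:
            statuses[p] = err.code
    return statuses


if __name__ == "__main__":
    samples = list(BLOCKED_ENDPOINTS) + [
        "/api/v1/users/connection-token/?user-only=1",  # query string ignored
        "/api/v1//users/connection-token/",             # repeated slash merged
        "/api/v1/users/connection%2Dtoken/",            # percent-decoded before matching
        "/api/v1/users/connection-token",               # no trailing slash: prefix not matched
        "/api/v1/assets/assets/",                       # ordinary API path still proxied
    ]
    for path, blocked in blocked_paths(MITIGATED_CONF, samples).items():
        print(f"{'403' if blocked else 'proxy':5} {path}")
    # Point this at your own instance to verify the running configuration:
    # print(check_live("https://jumpserver.example.internal"))
```

Because nginx selects the longest matching prefix location, the two blocking blocks win over location /api/ (or location /) wherever they are placed in the file, so the "before /api" placement in the advisory is a readability convention rather than what makes the block effective; REORDERED_CONF demonstrates this. Matching happens after nginx normalizes the URI (percent-decoding and, with the default merge_slashes on, collapsing repeated slashes), which normalize() approximates. A request for the same path without the trailing slash does not match the prefix and is forwarded to the backend, so include that variant when you verify a deployment with check_live() or the equivalent curl commands.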


0x03 References

https://github.com/jumpserver/jumpserver/blob/master/README.md

https://github.com/jumpserver/jumpserver/releases

https://mp.weixin.qq.com/s/5tgcaIrnDnGP-LvWPw9YCg


0x04 Timeline

2021-01-15  JumpServer publishes the security update

2021-01-15  VSRC publishes this security advisory


0x05 Appendix

CVSS scoring standard, official site: http://www.first.org/cvss/
