Vulnerability Database

315,294

Total vulnerabilities in the database

CVE-2023-42820

JumpServer is an open source bastion host. This vulnerability is due to exposing the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, which could lead to password resets. If MFA is enabled users are not affect. Users not using local authentication are also not affected. Users are advised to upgrade to either version 2.28.19 or to 3.6.5. There are no known workarounds or this issue.

Published: Sep 27, 2023
Updated: Nov 16, 2025
CVE: CVE-2023-42820
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
fit2cloud / jumpserver	3.0.0	3.6.5
fit2cloud / jumpserver	2.24.0	2.28.19

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo