[Vulnerability Advisory] JumpServer Remote Command Execution Vulnerability

Published: 2021-01-15

0x00 Vulnerability Overview

CVE ID: (none given in the advisory)

Date: 2021-01-15

Type: Command execution

Severity: High

Remotely exploitable: Yes

Affected scope: see the version list under 0x01

0x01 Vulnerability Details


 

JumpServer is the first open-source bastion host (jump server). It is written in Python/Django, released under the GNU GPL v2.0, and is a professional operations audit system that follows the 4A model (authentication, authorization, accounting, auditing). JumpServer also follows Web 2.0 conventions and ships an industry-leading Web Terminal, with a clean interactive interface and a good user experience.

On 2021-01-15, JumpServer released a security update that fixes a remote command execution vulnerability in JumpServer.

The root cause is that certain JumpServer API endpoints are not protected by authorization checks. An attacker can send crafted requests to those endpoints to obtain sensitive information, and can then use the API to take control of every asset managed by the JumpServer instance, including executing arbitrary commands on them.

 

Affected versions

JumpServer < v2.6.2

JumpServer < v2.5.4

JumpServer < v2.4.5

JumpServer = v1.5.9

 

 

0x02 Remediation

The vulnerability has been fixed. Upgrade to one of the following versions. No fixed 1.5.x release is listed, so v1.5.9 deployments should apply the interim Nginx mitigation below or move to a fixed 2.x branch:

JumpServer >= v2.6.2

JumpServer >= v2.5.4

JumpServer >= v2.4.5

 

Download:

https://github.com/jumpserver/jumpserver/releases

 

Interim mitigation:

Edit the Nginx configuration so that the vulnerable endpoints are blocked before they reach the core service:

/api/v1/authentication/connection-token/

/api/v1/users/connection-token/

 

Nginx configuration file location:

Community edition, older versions:

/etc/nginx/conf.d/jumpserver.conf

Enterprise edition, older versions:

jumpserver-release/nginx/http_server.conf

Newer versions:

jumpserver-release/compose/config_static/http_server.conf

 

Example Nginx configuration change:

2.X:

### Insert before the /api location:

location /api/v1/authentication/connection-token/ {

   return 403;

}

 

location /api/v1/users/connection-token/ {

   return 403;

}

### End of the added blocks

 

location /api/ {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://core:8080;
}

 

...

 

1.5.X£º

### Insert before the / location:

location /api/v1/authentication/connection-token/ {

   return 403;

}

 

location /api/v1/users/connection-token/ {

   return 403;

}

### End of the added blocks

 

location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://core:8080;
}

 

...

 

After editing, restart nginx:

Docker deployment:

docker restart jms_nginx

Host-installed nginx:

systemctl restart nginx
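As an added check (example code written for this advisory page, not JumpServer's or the vendor's own), the script below resolves the two blocked endpoints against an nginx configuration using nginx's own prefix-location rule, so an operator can confirm that the 403 blocks actually win over the /api/ (or /) proxy block before restarting. It assumes the flat configuration style shown above (no nested blocks), models only `=`, `^~` and plain prefix locations, and embeds a constructed sample configuration plus a deliberately broken one; `resolve`, `mitigation_ok` and `unblocked_variants` are this example's own names, not JumpServer or nginx APIs.

```python
"""Added example (not JumpServer's or the advisory's own code): resolve a
request URI against nginx `location` blocks the way nginx does for prefix
locations, to confirm the interim mitigation really intercepts the two
connection-token endpoints before they reach the core service.

Assumptions: the config is the flat, one-level style shown in the advisory
(no nested `if`/`location` blocks); only `=`, `^~` and plain prefix
locations are modelled (regex locations are skipped); the sample configs
below are constructed for this check."""
import re
from typing import Dict, List, Optional, Tuple

# The two endpoints the advisory says to block.
BLOCKED_PATHS = [
    "/api/v1/authentication/connection-token/",
    "/api/v1/users/connection-token/",
]

# Constructed sample mirroring the advisory's 2.X snippet: the two 403 blocks
# placed in front of the /api/ proxy block.
SAMPLE_CONF = """
location /api/v1/authentication/connection-token/ {
   return 403;
}

location /api/v1/users/connection-token/ {
   return 403;
}

location /api/ {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://core:8080;
}
"""

# Constructed counter-example: one endpoint has no block at all and the other
# block is missing its `return 403;` directive.
BROKEN_CONF = """
location /api/ {
    proxy_pass http://core:8080;
}
location /api/v1/users/connection-token/ {
    # TODO
}
"""

_LOCATION_RE = re.compile(
    r"location\s+(?:(=|\^~|~\*|~)\s+)?(\S+)\s*\{([^}]*)\}", re.S)
_RETURN_RE = re.compile(r"\breturn\s+(\d{3})\b")
_PROXY_RE = re.compile(r"\bproxy_pass\s+(\S+?);")


def parse_locations(conf: str) -> List[Tuple[str, str, str]]:
    """Return (modifier, path, action) for each non-regex location block.

    action is the status code for `return N;`, "proxy:<upstream>" for
    proxy_pass, and "none" when the block does neither."""
    result = []
    for mod, path, body in _LOCATION_RE.findall(conf):
        if mod.startswith("~"):          # regex location: not modelled here
            continue
        ret = _RETURN_RE.search(body)
        proxy = _PROXY_RE.search(body)
        if ret:
            action = ret.group(1)
        elif proxy:
            action = "proxy:" + proxy.group(1)
        else:
            action = "none"
        result.append((mod, path, action))
    return result


def resolve(conf: str, uri: str) -> Optional[Tuple[str, str]]:
    """Return (path, action) of the location nginx would select for `uri`.

    nginx rule for non-regex locations: an exact `=` match wins outright;
    otherwise the LONGEST matching prefix wins, regardless of the order in
    which the blocks appear in the file."""
    best: Optional[Tuple[str, str]] = None
    for mod, path, action in parse_locations(conf):
        if mod == "=":
            if uri == path:
                return (path, action)
            continue
        if uri.startswith(path) and (best is None or len(path) > len(best[0])):
            best = (path, action)
    return best


def mitigation_status(conf: str) -> Dict[str, str]:
    """Map each path the advisory blocks to the action it would really get."""
    status = {}
    for path in BLOCKED_PATHS:
        hit = resolve(conf, path)
        status[path] = hit[1] if hit else "no-location"
    return status


def mitigation_ok(conf: str) -> bool:
    """True only if every blocked path resolves to a `return 403` location."""
    return all(a == "403" for a in mitigation_status(conf).values())


def unblocked_variants(conf: str) -> List[str]:
    """Prefix locations match literally: the same endpoint without its trailing
    slash is not covered by `location /.../connection-token/` and falls
    through to the proxy block. Report such variants so the operator can
    check how the application routes them."""
    variants = []
    for path in BLOCKED_PATHS:
        no_slash = path.rstrip("/")
        hit = resolve(conf, no_slash)
        if hit is None or hit[1] != "403":
            variants.append(no_slash)
    return variants


if __name__ == "__main__":
    for name, conf in (("SAMPLE_CONF", SAMPLE_CONF), ("BROKEN_CONF", BROKEN_CONF)):
        print(name, "ok" if mitigation_ok(conf) else "NOT ok", mitigation_status(conf))
        print("  reaches backend without trailing slash:", unblocked_variants(conf))
```

Two points the check makes explicit. First, nginx does not care where prefix locations sit in the file; only the longest matching prefix wins, so the blocks take effect anywhere inside the same server block and "insert before /api" is a readability convention rather than what makes them work. Second, a prefix location matches literally, so the endpoint without its trailing slash is not intercepted and still reaches the core service; whether the application also serves that form depends on its URL routing and should be verified against a running instance rather than assumed.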

 

0x03 References

https://github.com/jumpserver/jumpserver/blob/master/README.md

https://github.com/jumpserver/jumpserver/releases

https://mp.weixin.qq.com/s/5tgcaIrnDnGP-LvWPw9YCg

 

0x04 Timeline

2021-01-15  JumpServer releases the security update

2021-01-15  VSRC publishes this security advisory

 

0x05 Appendix

CVSS scoring standard (official site): http://www.first.org/cvss/
