JumpServer Open Redirect Vulnerability in I18N Endpoint

Vulnerability

An open redirect vulnerability has been identified in JumpServer, an open-source bastion host and operations and maintenance security audit system. The issue is present in versions prior to v3.10.19 and v4.10.5. The vulnerability arises because the /core/i18n// endpoint does not properly validate the Referer header before using it as the redirect target, so the destination of the redirect can be chosen by whoever supplies that header.

Impact

Exploitation of this vulnerability results in an open redirect: under certain conditions, users who follow a request to the affected endpoint can be redirected to malicious sites.

Reproduction

To reproduce this vulnerability, send a request to the /core/i18n/ko/ endpoint with a Referer header pointing to an external site, such as Google. The server issues a redirect to the value of the Referer header without validating it, demonstrating the open redirect vulnerability.
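The defect described above is a missing same-host check on the Referer value before it is echoed back as a redirect location. As an added illustration (not JumpServer's own code, and not the fix shipped in v3.10.19 or v4.10.5), the block below shows the kind of check a language-switch endpoint needs: a Referer is honoured only when it is a relative path or an http(s) URL whose host is one of the application's own hosts, and anything else falls back to a fixed local path. The host set, the default path and all function names are assumptions made for the example.

```python
"""Same-host check for a Referer-derived redirect target.

Added example, not JumpServer's code: an endpoint that sends the user back
to the page they came from must only honour a Referer that points at one
of its own hosts; everything else falls back to a fixed local path.
"""
from __future__ import annotations

from urllib.parse import urlsplit

# Constructed values for the example; a real deployment would take these
# from its ALLOWED_HOSTS-style configuration.
ALLOWED_HOSTS = {"jump.example"}
DEFAULT_TARGET = "/"


def is_local_redirect(target: str, allowed_hosts: set[str]) -> bool:
    """Return True only if `target` is a relative path or an http(s) URL
    whose host is in `allowed_hosts`.

    The edge cases below are the ones that turn a naive "does it start with
    my host" check into an open redirect, so each is handled explicitly.
    """
    if not target:
        return False
    # Control characters and whitespace are rejected outright: some URL
    # parsers strip them, which can turn a rejected URL into an accepted one.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in target):
        return False
    # Browsers treat a backslash like a slash in the authority part, so
    # normalise first; "/\evil.example" then parses as the scheme-relative
    # URL a browser would actually follow.
    normalised = target.replace("\\", "/")
    parts = urlsplit(normalised)
    # Only http and https may be redirect targets (no javascript:, data:, ...).
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False
    if not parts.netloc:
        # No authority: accept only a plain path starting with a single "/".
        # ("//host" has a netloc and is therefore checked as a host below;
        # "http:evil.example" has a scheme but no "/" prefix and is rejected.)
        return normalised.startswith("/") and not normalised.startswith("//")
    # `hostname` is lower-cased and has userinfo and port removed, so
    # "https://jump.example@evil.example/" yields "evil.example", not the
    # allowed host. The port is deliberately ignored here (assumption).
    return parts.hostname in allowed_hosts


def redirect_target_from_referer(
    referer: str | None,
    allowed_hosts: set[str] = ALLOWED_HOSTS,
    default: str = DEFAULT_TARGET,
) -> str:
    """Pick the Location for the redirect a language-switch handler sends.

    The Referer is used only when it passes `is_local_redirect`; a missing
    or foreign Referer sends the user to `default` instead.
    """
    if referer is not None and is_local_redirect(referer, allowed_hosts):
        return referer
    return default


if __name__ == "__main__":
    # Constructed request headers: one from the app itself, one foreign.
    for referer in ("https://jump.example/ui/#/settings", "https://www.google.com/"):
        print(referer, "->", redirect_target_from_referer(referer))
```

Django applications usually express this check with django.utils.http.url_has_allowed_host_and_scheme, which covers the same cases; whether JumpServer's fix uses it is not stated on this page.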

Remediation

Users are advised to upgrade to JumpServer versions v3.10.19 or v4.10.5.

Added: Dec 1, 2025, 9:24 PM
Updated: Dec 1, 2025, 9:24 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 0.6
exploitability: 9.5
remediation: 7.7
relevance: 1.2
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.