JumpServer Unauthorized LDAP Configuration Access via WebSocket

Vulnerability

A vulnerability in JumpServer prior to v3.10.21-lts and v4.10.12-lts allows low-privileged authenticated users to bypass authorization checks and reach LDAP configuration features through the /ws/ldap/ WebSocket endpoint. By sending crafted messages over that connection, such a user could trigger unauthorized LDAP synchronization or expose the stored LDAP credentials.

Impact

Exploitation of this vulnerability could result in unauthorized access to LDAP configuration, unintended synchronization operations, or exposure of stored LDAP bind credentials to an attacker-controlled server.

Reproduction

To reproduce this vulnerability, authenticate as a low-privileged user and establish a WebSocket connection to the /ws/ldap/ endpoint. Send a JSON message requesting an LDAP configuration test or synchronization, including details such as the LDAP server URI, bind DN, search OU, and user attribute mapping. The server will perform the requested action, potentially exposing credentials or importing users.

Remediation

Users can upgrade to JumpServer v3.10.21-lts (3.x branch) or v4.10.12-lts (4.x branch) to address this vulnerability.
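As an added, defender-side example (not code from JumpServer or from the advisory), the snippet below does two things a practitioner would want after reading this: it checks whether a JumpServer version tag falls below the fix for its LTS branch, and it flags completed WebSocket upgrades to /ws/ldap/ in reverse-proxy access logs so they can be cross-checked against admin sessions. The Common Log Format layout and the sample log lines are assumptions constructed for the demo.

```python
import re

# Fix versions per LTS branch, as stated in the advisory (3.x -> 3.10.21, 4.x -> 4.10.12).
FIXED_BY_BRANCH = {3: (3, 10, 21), 4: (4, 10, 12)}

def parse_version(tag):
    """Turn a tag such as 'v3.10.20-lts' into (3, 10, 20)."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:-lts)?", tag.strip())
    if not m:
        raise ValueError(f"unrecognised JumpServer version: {tag!r}")
    return tuple(int(x) for x in m.groups())

def is_affected(tag):
    """True if the version is below the fix for its branch, False if fixed,
    None for branches the advisory does not cover (do not guess)."""
    v = parse_version(tag)
    fixed = FIXED_BY_BRANCH.get(v[0])
    return None if fixed is None else v < fixed

# Common Log Format as written by a reverse proxy in front of JumpServer (assumed layout).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \d+'
)

def ldap_ws_upgrades(log_lines):
    """Return (ip, timestamp, path) for every completed WebSocket upgrade
    (HTTP 101) to /ws/ldap/. On a patched server only administrators should
    appear here; cross-check each source against JumpServer's session audit."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and m["path"].startswith("/ws/ldap/") and m["status"] == "101":
            hits.append((m["ip"], m["ts"], m["path"]))
    return hits

# Constructed sample lines for the demo; not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [30/Oct/2025:17:19:00 +0000] "GET /ws/ldap/ HTTP/1.1" 101 0',
    '10.0.0.7 - - [30/Oct/2025:17:19:03 +0000] "GET /api/v1/users/profile/ HTTP/1.1" 200 812',
    '10.0.0.5 - - [30/Oct/2025:17:20:11 +0000] "GET /ws/ldap/ HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    labels = {True: "affected", False: "fixed", None: "branch not covered"}
    for tag in ("v3.10.20-lts", "v3.10.21-lts", "v4.9.0-lts", "v4.10.12-lts"):
        print(tag, labels[is_affected(tag)])
    for hit in ldap_ws_upgrades(SAMPLE_LOG):
        print("LDAP WebSocket upgrade:", hit)
```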

Added: Oct 30, 2025, 5:19 PM
Updated: Oct 30, 2025, 5:19 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          3.1
exploitability  6.6
remediation     7.7
relevance       0.9
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.