{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T01:20:46.087","vulnerabilities":[{"cve":{"id":"CVE-2024-29020","sourceIdentifier":"security-advisories@github.com","published":"2024-03-29T15:15:11.437","lastModified":"2025-01-09T17:20:18.197","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"JumpServer is an open source bastion host and an operation and maintenance security audit system. An authorized attacker can obtain sensitive information contained within playbook files if they manage to learn the playbook_id of another user. This breach of confidentiality can lead to information disclosure and exposing sensitive data. This vulnerability is fixed in v3.10.6."},{"lang":"es","value":"JumpServer es un host bastión de código abierto y un sistema de auditoría de seguridad de operación y mantenimiento. Un atacante autorizado puede obtener información confidencial contenida en los archivos del libro de jugadas si logra conocer el ID del libro de jugadas de otro usuario. Esta violación de la confidencialidad puede llevar a la divulgación de información y a la exposición de datos confidenciales. Esta vulnerabilidad se solucionó en v3.10.6."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fit2cloud:jumpserver:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.10.6","matchCriteriaId":"07104EF2-D3BA-4E56-95DB-23114EF726F7"}]}]}],"references":[{"url":"https://github.com/jumpserver/jumpserver/security/advisories/GHSA-7mqc-23hr-cr62","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/jumpserver/jumpserver/security/advisories/GHSA-7mqc-23hr-cr62","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}