We have recently received user feedback and have confirmed that there is a security vulnerability in JumpServer related to connection tokens. This vulnerability may permit unauthorized access to assets and LDAP servers. We are notifying you of this issue and providing details about the affected versions, patched versions, and recommended emergency actions to help you investigate and mitigate the issue as soon as possible.
Affected versions:
JumpServer v4: <= v4.10.11 LTS
Secure versions:
JumpServer v4: >= v4.10.12 LTS
Remediation:
Upgrade JumpServer to the following secure versions as soon as possible:
JumpServer v4: Upgrade to version >= v4.10.12-lts
Upgrade instructions, including those for offline installations, are available at: https://www.jumpserver.com/docs/upgrade#upgrade-for-offline-installation
We highly recommend performing the upgrade to ensure comprehensive protection against this vulnerability.
Thank you for your prompt attention to this matter. If you have any questions or need further assistance, please do not hesitate to contact us.