Home > Vulnerability Database > CVE-2023-46138

Mend.io Vulnerability Database

CVE-2023-46138

Good to know:

Date: October 30, 2023

JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is `admin[@]mycompany[.]com`, and users reset their passwords by sending an email. Currently, the domain `mycompany.com` has not been registered. However, if it is registered in the future, it may affect the password reset functionality. This issue has been patched in version 3.8.0 by changing the default email domain to `example.com`. Those who cannot upgrade may change the default email domain to `example.com` manually.

Language: Python

Severity Score

3.7

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-46138

Url: https://github.com/jumpserver/jumpserver/security/advisories/GHSA-9mrc-75cv-46cq

Url: https://github.com/jumpserver/jumpserver/commit/15a5dda9e0cdbe2ac618a6b2a09df8928f485c88

Url: https://www.mend.io/vulnerability-database/CVE-2023-46138

Severity Score

3.7

Weakness Type (CWE)

Weak Password Recovery Mechanism for Forgotten Password

CWE-640

Top Fix

Upgrade Version

Upgrade to version v3.8.0

Learn More

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-46138

Good to know:

Date: October 30, 2023

Language: Python

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?