Is CVE-2023-42818 actively exploited?

CVE-2023-42818 has no public evidence of in-the-wild exploitation as of 2025-03-25.

What is the CVSS score for CVE-2023-42818?

CVE-2023-42818 has a CVSS score of 5.4 (MEDIUM severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L.

How do I patch CVE-2023-42818?

Patch guidance is available from fit2cloud security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2023-42818.

CVE-2023-42818 - remediation guidance & executive summary

Q: Which products are affected by CVE-2023-42818?

2 products: fit2cloud jumpserver, fit2cloud jumpserver.

Description

JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication against the SSH service This issue has been patched in versions 3.6.5 and 3.5.6. Users are advised to upgrade. There are no known workarounds for this issue.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Attack Vector: network
Complexity: low
Privileges: none
User Action: required
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: low
Weaknesses: CWE-287 · Improper Authentication CWE-307

Metadata

Primary Vendor: FIT2CLOUD
Published: 9/27/2023
Last Modified: 3/25/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2023-42818

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary