Keypoints
- Two RCE vulnerabilities (CVE-2024-29201, CVE-2024-29202) affect JumpServer versions prior to 3.10.7, with a critical CVSS of 9.9.
- CVE-2024-29201: input validation bypass in JumpServer’s Ansible playbook handling allows Unicode-encoded characters to circumvent unsafe-keyword checks and run arbitrary shell commands via the playbook ‘shell’ field.
- CVE-2024-29202: Jinja2 template injection in Ansible enables a malicious template to execute commands when a playbook job is created and run.
- Exploitation requires network access, a low-privileged user account, permission to at least one asset, creation of a playbook template, and running the resulting job.
- The jms_celery container runs as root, so successful exploitation yields root-level command execution, database access, and potential compromise of managed assets and internal networks.
- SonicWall released IPS signatures (19849, 19850) to detect these attacks; recommended remediation is upgrading to JumpServer v3.10.7 or disabling the Operation Center feature temporarily.
MITRE Techniques
- [T1190] Exploit Public-Facing Application – Vulnerabilities in JumpServer allow low-privileged users to execute arbitrary code in the Celery container with root privileges; quote: ‘allows a threat actor with a low-privileged user account to execute arbitrary code within the Celery container with root privileges.’
- [T1059] Command and Scripting Interpreter – Attackers inject commands via the playbook ‘shell’ field and malicious Jinja2 templates to execute arbitrary shell commands; quote: ‘running the command specified in the ‘shell’ field’ and ‘malicious template … execute the desired command.’
- [T1027] Obfuscated Files or Information – Input validation is bypassed by writing characters as YAML Unicode escape sequences (e.g., ‘\u0064’ instead of ‘d’) so that the raw playbook text no longer contains the filtered keyword, while the parsed value still does; quote: ‘it can be circumvented using the Unicode representation of the character … ‘\u0064’ instead of the character ‘d’.’
- [T1005] Data from Local System – Root-level code execution in the Celery container grants access to databases and sensitive information across managed assets; quote: ‘yields the threat actor database access and access to the sensitive information across all the managed assets.’
Indicators of Compromise
- [CVE] Vulnerability identifiers – CVE-2024-29201, CVE-2024-29202
- [Container name] Targeted runtime – jms_celery (container that runs with root privileges)
- [IPS signature] Detection signatures published by SonicWall – 19849 JumpServer Ansible Playbook Input Validation Bypass, 19850 JumpServer Ansible Playbook Jinja2 Template Injection
- [Domain] Product and advisory reference domains (not malicious indicators) – jumpserver.org, blog.sonicwall.com
- [URL] Original advisory – https://blog.sonicwall.com/en-us/2024/04/multiple-remote-code-execution-vulnerabilities-in-jumpserver/
JumpServer contains two distinct Ansible-related remote code execution paths that require only a low-privileged account and network access. CVE-2024-29201 stems from insufficient input validation in playbook templates: JumpServer blocks specific unsafe keywords, but the filter can be bypassed by writing characters as YAML Unicode escape sequences (for example, ‘\u0064’ instead of ‘d’), which the YAML parser decodes back into the original keyword after the check has already passed. An attacker can therefore place a command in the playbook ‘shell’ field and create and run a job that executes it. CVE-2024-29202 exploits Jinja2 template rendering by injecting a crafted template into a playbook; when a job based on that template runs, the template executes arbitrary commands in the jms_celery container.
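The following is an added illustration of the CVE-2024-29201 bypass pattern, not JumpServer's own code: a keyword filter applied to the raw playbook text is compared with one applied to the value a YAML parser would actually hand to the ‘shell’ module. The keyword list, the playbook snippets and the escape-decoding helper (a subset of the YAML double-quoted scalar escapes, written here to avoid a PyYAML dependency) are assumptions constructed for the example.

```python
import re

# Hypothetical denylist; the page does not list the keywords JumpServer actually blocks.
UNSAFE_KEYWORDS = ("rm -rf", "mkfs", "dd if=", "shutdown")

# Subset of the escapes a YAML parser applies inside a double-quoted scalar.
_SIMPLE_ESCAPES = {"n": "\n", "t": "\t", "r": "\r", "0": "\0", "b": "\b",
                   "\\": "\\", '"': '"', "/": "/"}
_ESC_RE = re.compile(r'\\(u[0-9A-Fa-f]{4}|U[0-9A-Fa-f]{8}|x[0-9A-Fa-f]{2}|[ntr0b\\"/])')


def decode_yaml_double_quoted(body: str) -> str:
    """Decode \\uXXXX, \\UXXXXXXXX, \\xXX and the common single-char escapes."""
    def repl(match):
        esc = match.group(1)
        if esc[0] in "uUx":
            return chr(int(esc[1:], 16))
        return _SIMPLE_ESCAPES[esc]
    return _ESC_RE.sub(repl, body)


_SHELL_LINE = re.compile(r'^\s*shell:\s*(.*?)\s*$', re.MULTILINE)


def extract_shell_field(playbook_text: str) -> str:
    """Return the first `shell:` value as the parser (not the raw text) would see it."""
    match = _SHELL_LINE.search(playbook_text)
    if not match:
        return ""
    raw = match.group(1)
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return decode_yaml_double_quoted(raw[1:-1])
    if len(raw) >= 2 and raw[0] == "'" and raw[-1] == "'":
        return raw[1:-1].replace("''", "'")
    return raw  # plain (unquoted) scalar: no escape processing


def naive_check(playbook_text: str) -> bool:
    """Vulnerable pattern: substring-match the denylist against the raw YAML text."""
    return not any(k in playbook_text for k in UNSAFE_KEYWORDS)


def hardened_check(playbook_text: str) -> bool:
    """Check the decoded value that would actually reach the shell module."""
    command = extract_shell_field(playbook_text)
    return not any(k in command for k in UNSAFE_KEYWORDS)


# Constructed sample playbooks (not from the advisory). The second one spells
# the 'r' of "rm -rf" as the YAML escape \u0072, exactly the trick the page describes.
PLAIN_PLAYBOOK = '''- hosts: all
  tasks:
    - name: cleanup
      shell: "rm -rf /tmp/build"
'''
EVASIVE_PLAYBOOK = r'''- hosts: all
  tasks:
    - name: cleanup
      shell: "\u0072m -rf /tmp/build"
'''

if __name__ == "__main__":
    for label, text in (("plain", PLAIN_PLAYBOOK), ("evasive", EVASIVE_PLAYBOOK)):
        print(label, "raw-text check passes:", naive_check(text),
              "| decoded check passes:", hardened_check(text),
              "| decoded command:", repr(extract_shell_field(text)))
```

The evasive playbook sails through the raw-text check but is rejected once the value is decoded the way the parser decodes it. Even the hardened version is still a denylist, which is why it is shown only to explain the bug: the actual remediation is the 3.10.7 upgrade, and the impact is bounded far more effectively by not running the worker as root than by any keyword list.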
To exploit either issue an attacker must have network access to the JumpServer instance, a low-privileged user account with permission to at least one asset, and the ability to create a playbook template and start a playbook job. Because the Celery worker container (jms_celery) runs as root, successful exploitation yields root-equivalent command execution, exposing databases and sensitive information across managed hosts, devices, and services and potentially allowing pivoting into the private network.
Mitigation steps: upgrade JumpServer to v3.10.7 or later immediately. If an immediate upgrade is not possible, temporarily disable the Operation Center (System Settings > Features > Task Center) to reduce risk. SonicWall has published IPS signatures (19849 and 19850) to help detect exploitation attempts while systems are being remediated.