How severe is CVE-2023-28110?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.9 out of 10.

What type of vulnerability is CVE-2023-28110?

This is classified as CWE-77, which is a common weakness in software security.

CVE-2023-28110 - CRITICAL Severity | CVSS 9.9

Vulnerability Description

Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the execution of dangerous commands that may disrupt the Koko container environment and affect normal usage. The vulnerability has been fixed in v2.28.8.

Related Vulnerabilities

CVE-2016-2396

CRITICAL

CVSS:9.9(Critical)

The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vec...

CWE-772016

CVE-2022-26042

CRITICAL

CVSS:9.9(Critical)

An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. A...

CWE-772022

CVE-2022-26085

CRITICAL

CVSS:9.9(Critical)

An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An a...

CWE-772022

CVE-2022-36786

CRITICAL

CVSS:9.9(Critical)

DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this ...

CWE-772022

CVE-2022-46641

CRITICAL

CVSS:9.9(Critical)

D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the lan(0)_dhcps_staticlist parameter in the SetIpMacBindSettings function.

CWE-772022

CVE-2022-46642

CRITICAL

CVSS:9.9(Critical)

D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the auto_upgrade_hour parameter in the SetAutoUpgradeInfo function.

CWE-772022