CVE-2023-28110

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-6x5p-jm59-jh29", "name": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-6x5p-jm59-jh29", "tags": [], "refsource": "MISC"}, {"url": "https://github.com/jumpserver/jumpserver/releases/tag/v2.28.8", "name": "https://github.com/jumpserver/jumpserver/releases/tag/v2.28.8", "tags": [], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the execution of dangerous commands that may disrupt the Koko container environment and affect normal usage. The vulnerability has been fixed in v2.28.8."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-77"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-28110", "ASSIGNER": "security-advisories@github.com"}}, "impact": {}, "publishedDate": "2023-03-16T17:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-03-16T18:40Z"}