An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.Referenceshttps://mp.weixin.qq.com/s/5tgcaIrnDnGP-LvWPw9YCghttps://s.tencent.com/research/bsafe/1228.htmlhttps://blog.fit2cloud.com/?p=1764
