Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Goteleport Subscribe
Filtered by product Teleport
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-38599 1 Goteleport 1 Teleport 2022-12-12 N/A 6.5 MEDIUM
Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 was discovered to contain an information leak via the /user/get-role-list web interface.
CVE-2022-36633 1 Goteleport 1 Teleport 2022-09-30 N/A 8.8 HIGH
Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social engineering attack. This is fully unauthenticated attack utilizing the trusted teleport server to deliver the payload.
CVE-2021-41393 1 Goteleport 1 Teleport 2022-07-12 7.5 HIGH 9.8 CRITICAL
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations.
CVE-2021-41394 1 Goteleport 1 Teleport 2021-09-29 5.0 MEDIUM 5.3 MEDIUM
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations.
CVE-2021-41395 1 Goteleport 1 Teleport 2021-09-29 6.4 MEDIUM 6.5 MEDIUM
Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username.