Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-38599 | 1 Goteleport | 1 Teleport | 2022-12-12 | N/A | 6.5 MEDIUM |
Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 was discovered to contain an information leak via the /user/get-role-list web interface. | |||||
CVE-2022-36633 | 1 Goteleport | 1 Teleport | 2022-09-30 | N/A | 8.8 HIGH |
Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social engineering attack. This is fully unauthenticated attack utilizing the trusted teleport server to deliver the payload. | |||||
CVE-2021-41393 | 1 Goteleport | 1 Teleport | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations. | |||||
CVE-2021-41394 | 1 Goteleport | 1 Teleport | 2021-09-29 | 5.0 MEDIUM | 5.3 MEDIUM |
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations. | |||||
CVE-2021-41395 | 1 Goteleport | 1 Teleport | 2021-09-29 | 6.4 MEDIUM | 6.5 MEDIUM |
Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username. |