GitHub Advisory DatabaseGHSA-6XF3-5HP7-XQQGImproper token validation leading to code execution in Teleport
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
91.2%
Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social engineering attack. This is fully unauthenticated attack utilizing the trusted teleport server to deliver the payload.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| gravitational | teleport | * | cpe:2.3:a:gravitational:teleport:*:*:*:*:*:*:*:* |
References
packetstormsecurity.com/files/168477/Teleport-10.1.1-Remote-Code-Execution.html
github.com/advisories/GHSA-6xf3-5hp7-xqqg
github.com/gravitational/teleport
github.com/gravitational/teleport/pull/14726
github.com/gravitational/teleport/pull/14726/commits/46c23b9b64b944d1e82d2c8a79083f291ffdd3b6
github.com/gravitational/teleport/releases/tag/v10.1.2
github.com/gravitational/teleport/releases/tag/v8.3.17
github.com/gravitational/teleport/releases/tag/v9.3.13
nvd.nist.gov/vuln/detail/CVE-2022-36633
packetstormsecurity.com/files/168137/Teleport-9.3.6-Command-Injection.html
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
91.2%