CVE-2024-43798 Chisel AUTH environment variable not respected in server entrypoint

Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. The Chisel server doesn't ever read the documented AUTH environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. Anyone running the Chisel server that is...

PT-2024-30666 · Chisel · Chisel

Name of the Vulnerable Software and Affected Versions: Chisel versions prior to 1.10.0 Description: The Chisel server does not read the documented AUTH environment variable used to set credentials, allowing any unauthenticated user to connect, even if credentials were set. This issue affects anyo...