GHSA-24FP-5V3P-RVPW Chisel has an ACL Bypass via Post-Handshake SSH Channel ExtraData Injection

Summary Authenticated chisel clients can bypass --authfile ACL restrictions and tunnel traffic to arbitrary destinations reachable from the server. The ACL is enforced only during the initial handshake against declared remotes, but never on subsequent SSH channels that carry actual traffic. A...

Chisel has an ACL Bypass via Post-Handshake SSH Channel ExtraData Injection

Summary Authenticated chisel clients can bypass --authfile ACL restrictions and tunnel traffic to arbitrary destinations reachable from the server. The ACL is enforced only during the initial handshake against declared remotes, but never on subsequent SSH channels that carry actual traffic. A...

CVE-2024-43798 Chisel AUTH environment variable not respected in server entrypoint

Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. The Chisel server doesn't ever read the documented AUTH environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. Anyone running the Chisel server that is...

PT-2024-30666 · Chisel · Chisel

Name of the Vulnerable Software and Affected Versions: Chisel versions prior to 1.10.0 Description: The Chisel server does not read the documented AUTH environment variable used to set credentials, allowing any unauthenticated user to connect, even if credentials were set. This issue affects anyo...