CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

31 matches found

NVD•added 2026/05/12 11:16 p.m.•7 views

CVE-2026-44347

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user into logging into the attacker's account, possibly convincing them to perform sensitive actions on t...

6.5CVSS0.00015EPSS

Exploits1References1

Vulnrichment•added 2026/05/12 10:44 p.m.•4 views

CVE-2026-44347 Warpgate: SSO CSRF -- State Token Not Validated on Return

5.8CVSS5.8AI score0.00015EPSS

Exploits1References1

ATTACKERKB•added 2026/05/12 10:44 p.m.•6 views

CVE-2026-44347

5.8CVSS5.8AI score0.00015EPSS

Exploits1References2Affected Software1

CVE•added 2026/05/12 10:44 p.m.•7 views

CVE-2026-44347

Warpgate is an open source bastion host for Linux (SSH/HTTPS/MySQL). Before 0.23.3, the SSO flow did not validate the state parameter, enabling CSRF-style tricks where an attacker could coerce a user into logging into the attacker’s account and perform sensitive actions. The issue is fixed in ver...

6.5CVSS5.8AI score0.00015EPSS

Exploits1References1Affected Software1

Cvelist•added 2026/05/12 10:44 p.m.•28 views

CVE-2026-44347 Warpgate: SSO CSRF -- State Token Not Validated on Return

5.8CVSS0.00015EPSS

Exploits1References1

Positive Technologies•added 2026/05/12 12:0 a.m.•7 views

PT-2026-40469

Name of the Vulnerable Software and Affected Versions Warpgate versions prior to 0.23.3 Description The SSO flow fails to validate the state parameter. This allows an attacker to trick a user into logging into an account controlled by the attacker, which could lead the user to perform sensitive...

5.8CVSS5.8AI score0.00015EPSS

Exploits1References4

CNNVD•added 2026/05/12 12:0 a.m.•6 views

Warpgate 跨站请求伪造漏洞

Warpgate is a smart SSH, HTTPS, and MySQL BH developed by the warp-tech project for Linux. Versions of Warpgate prior to 0.23.3 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the SSO process not verifying the state parameter, which could allow attackers to...

6.5CVSS5.7AI score0.00015EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:30 a.m.•2 views

CVE-2023-43660

Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. The SSH key verification for a user can be bypassed by sending an SSH key offer without a signature. This allows bypassing authentication under following conditions: 1. The attacker knows the...

8.1CVSS6.8AI score0.00038EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-48049

Malicious code in bioql PyPI...

8.1CVSS8AI score0.00038EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 4:22 a.m.•4 views

CVE-2023-48712

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows a...

8.8CVSS7.4AI score0.00209EPSS

Exploits0

RedhatCVE•added 2025/05/23 4:3 a.m.•6 views

CVE-2023-37268

Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled an attacker may authenticate as an other user. Any user account which does not have a second factor enabled could be compromised. This issue has been...

8.8CVSS6.7AI score0.00222EPSS

Exploits0

NVD•added 2023/11/24 5:15 p.m.•9 views

CVE-2023-48712

8.8CVSS0.00209EPSS

Exploits0References2

Prion•added 2023/11/24 5:15 p.m.•15 views

Privilege escalation

6.5CVSS7.7AI score0.00209EPSS

Exploits0References2Affected Software1

Cvelist•added 2023/11/24 5:2 p.m.•16 views

CVE-2023-48712 User authorization bug leading to privilege escalation in warpgate

7.1CVSS9.3AI score0.00209EPSS

Exploits0References2

OSV•added 2023/11/24 5:2 p.m.•13 views

CVE-2023-48712 User authorization bug leading to privilege escalation in warpgate

7.1CVSS8.8AI score0.00209EPSS

Exploits0References4

CVE•added 2023/11/24 5:2 p.m.•38 views

CVE-2023-48712

Warpgate prior to version 0.9.0 contains a privilege escalation vulnerability where a non-admin user can impersonate an admin account during login when single‑factor auth is configured. An attacker who knows an admin username and tries a wrong password, then re-enters a valid non-admin username a...

8.8CVSS8.2AI score0.00209EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2023/11/24 12:0 a.m.•3 views

PT-2023-30917 · Warpgate · Warpgate

Name of the Vulnerable Software and Affected Versions: Warpgate versions prior to 0.9.0 Description: Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions, there is a privilege escalation issue through a non-admin user's account. Limited users can impersonat...

8.8CVSS9AI score0.00209EPSS

Exploits0References5

CNNVD•added 2023/11/24 12:0 a.m.•3 views

Warpgate Security Breach

Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux from the warp-tech project. A security vulnerability exists in Warpgate versions prior to 0.9.0. An attacker can escalate privileges by exploiting the vulnerability...

8.8CVSS6.8AI score0.00209EPSS

Exploits0References2

NVD•added 2023/09/27 10:15 p.m.•11 views

CVE-2023-43660

8.1CVSS6AI score0.00038EPSS

Exploits0References2

Prion•added 2023/09/27 10:15 p.m.•10 views

Authentication flaw

5.1CVSS8AI score0.00038EPSS

Exploits0References2Affected Software1

Rows per page