33 matches found

RedhatCVE
added 2026/06/05 7:24 p.m. · 6 views

CVE-2026-44347

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user into logging into the attacker's account, possibly convincing them to perform sensitive actions on t...

CVSS 6.5 · AI score 5.5 · EPSS 0.00133
Exploits: 1 · References: 1

NVD
added 2026/05/12 11:16 p.m. · 13 views

CVE-2026-44347

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user into logging into the attacker's account, possibly convincing them to perform sensitive actions on t...

CVSS 6.5 · EPSS 0.00133
Exploits: 1 · References: 1

CVE
added 2026/05/12 10:44 p.m. · 21 views

CVE-2026-44347

Warpgate is an open source bastion host for Linux (SSH/HTTPS/MySQL). Before 0.23.3, the SSO flow did not validate the state parameter, enabling CSRF-style tricks where an attacker could coerce a user into logging into the attacker’s account and perform sensitive actions. The issue is fixed in ver...

CVSS 6.5 · AI score 5.8 · EPSS 0.00133
Exploits: 1 · References: 1 · Affected Software: 1

Vulnrichment
added 2026/05/12 10:44 p.m. · 7 views

CVE-2026-44347 Warpgate: SSO CSRF -- State Token Not Validated on Return

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user into logging into the attacker's account, possibly convincing them to perform sensitive actions on t...

CVSS 5.8 · AI score 5.8 · EPSS 0.00133
Exploits: 1 · References: 1

ATTACKERKB
added 2026/05/12 10:44 p.m. · 7 views

CVE-2026-44347

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user into logging into the attacker's account, possibly convincing them to perform sensitive actions on t...

CVSS 5.8 · AI score 5.8 · EPSS 0.00133
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2026/05/12 10:44 p.m. · 33 views

CVE-2026-44347 Warpgate: SSO CSRF -- State Token Not Validated on Return

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user into logging into the attacker's account, possibly convincing them to perform sensitive actions on t...

CVSS 5.8 · EPSS 0.00133
Exploits: 1 · References: 1

Positive Technologies
added 2026/05/12 12:0 a.m. · 10 views

PT-2026-40469

Name of the Vulnerable Software and Affected Versions: Warpgate versions prior to 0.23.3. Description: The SSO flow fails to validate the state parameter. This allows an attacker to trick a user into logging into an account controlled by the attacker, which could lead the user to perform sensitive...

CVSS 5.8 · AI score 5.8 · EPSS 0.00133
Exploits: 1 · References: 4

CNNVD
added 2026/05/12 12:0 a.m. · 8 views

Warpgate cross-site request forgery vulnerability

Warpgate is a smart SSH, HTTPS, and MySQL bastion host developed by the warp-tech project for Linux. Versions of Warpgate prior to 0.23.3 contained a cross-site request forgery vulnerability. This vulnerability stemmed from the SSO process not verifying the state parameter, which could allow attackers to...

CVSS 6.5 · AI score 5.7 · EPSS 0.00133
Exploits: 1 · References: 1

RedhatCVE
added 2026/01/09 9:30 a.m. · 4 views

CVE-2023-43660

Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. The SSH key verification for a user can be bypassed by sending an SSH key offer without a signature. This allows bypassing authentication under the following conditions: 1. The attacker knows the...

CVSS 8.1 · AI score 6.8 · EPSS 0.00253
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2023-48049

Malicious code in bioql PyPI...

CVSS 8.1 · AI score 8 · EPSS 0.00253
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/23 4:22 a.m. · 6 views

CVE-2023-48712

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows a...

CVSS 8.8 · AI score 7.4 · EPSS 0.00676
Exploits: 0

RedhatCVE
added 2025/05/23 4:3 a.m. · 7 views

CVE-2023-37268

Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled, an attacker may authenticate as another user. Any user account which does not have a second factor enabled could be compromised. This issue has been...

CVSS 8.8 · AI score 6.7 · EPSS 0.00465
Exploits: 0

NVD
added 2023/11/24 5:15 p.m. · 26 views

CVE-2023-48712

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows a...

CVSS 8.8 · EPSS 0.00676
Exploits: 0 · References: 2

Prion
added 2023/11/24 5:15 p.m. · 17 views

Privilege escalation

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows a...

CVSS 6.5 · AI score 7.7 · EPSS 0.00676
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2023/11/24 5:2 p.m. · 46 views

CVE-2023-48712

Warpgate prior to version 0.9.0 contains a privilege escalation vulnerability where a non-admin user can impersonate an admin account during login when single‑factor auth is configured. An attacker who knows an admin username and tries a wrong password, then re-enters a valid non-admin username a...

CVSS 8.8 · AI score 8.2 · EPSS 0.00676
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2023/11/24 5:2 p.m. · 32 views

CVE-2023-48712 User authorization bug leading to privilege escalation in warpgate

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows a...

CVSS 7.1 · AI score 9.3 · EPSS 0.00676
Exploits: 0 · References: 2

OSV
added 2023/11/24 5:2 p.m. · 24 views

CVE-2023-48712 User authorization bug leading to privilege escalation in warpgate

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows a...

CVSS 7.1 · AI score 8.8 · EPSS 0.00676
Exploits: 0 · References: 4

CNNVD
added 2023/11/24 12:0 a.m. · 4 views

Warpgate Security Breach

Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux from the warp-tech project. A security vulnerability exists in Warpgate versions prior to 0.9.0. An attacker can escalate privileges by exploiting the vulnerability...

CVSS 8.8 · AI score 6.8 · EPSS 0.00676
Exploits: 0 · References: 2

Positive Technologies
added 2023/11/24 12:0 a.m. · 4 views

PT-2023-30917 · Warpgate · Warpgate

Name of the Vulnerable Software and Affected Versions: Warpgate versions prior to 0.9.0 Description: Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions, there is a privilege escalation issue through a non-admin user's account. Limited users can impersonat...

CVSS 8.8 · AI score 9 · EPSS 0.00676
Exploits: 0 · References: 5

BDU FSTEC
added 2023/10/29 12:0 a.m. · 3 views

A vulnerability in Warpgate, an SSH, HTTPS and MySQL bastion host for Linux, allows an attacker to bypass authentication due to errors in cryptographic signature verification.

The vulnerability in Warpgate, an SSH, HTTPS and MySQL bastion host for Linux, is related to errors in verifying the cryptographic signature. Exploiting this vulnerability allows a remote attacker to bypass the authentication process...

CVSS 8.1 · AI score 7.3 · EPSS 0.00253
Exploits: 0 · References: 3 · Affected Software: 1