Lucene search

Teleport Security Vulnerabilities - January

cve

CVE-2021-41393

Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations.

9.8CVSS

9.4AI Score

0.002EPSS

2021-09-18 04:15 PM

cve

CVE-2021-41394

Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations.

5.3CVSS

5.3AI Score

0.001EPSS

2021-09-18 04:15 PM

cve

CVE-2021-41395

Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username.

6.5CVSS

6.3AI Score

0.001EPSS

2021-09-18 04:15 PM

cve

CVE-2022-36633

Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social eng...

8.8CVSS

8.9AI Score

0.031EPSS

2022-08-24 01:15 PM

cve

CVE-2022-38599

Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 was discovered to contain an information leak via the /user/get-role-list web interface.

6.5CVSS

6.4AI Score

0.001EPSS

2022-12-08 05:15 PM