Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-48712: User authorization bug - privilege escalation

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user’s account. Limited users can impersonate another user’s account if only single-factor authentication is configured. If a user knows an admin username, opens the login screen and attempts to authenticate with an incorrect password they can subsequently enter a valid non-admin username and password they will be logged in as the admin user. All installations prior to version 0.9.0 are affected. All users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE
Open in Source
#sql#vulnerability#linux#auth#ssh

Package

warpgate (Binary)

Affected versions

<=0.8.1

Description

Summary

Privilege escalation through a non-admin user’s account.

Limited users can impersonate another user’s account if only single-factor authentication is configured.

PoC

If I know an admin username, and open the login screen and type the admin’s username and enter the wrong password, then type any other valid user’s name and password, it logs me in as the username that I entered initially with their permission. Even shows admin user’s name in the upper left.

Impact

Users of 0.8.1

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE