Headline
GHSA-76cc-p55w-63g3: Teleport Access List owners can escalate their privileges
Impact
Access Lists are a new feature introduced in Teleport 14 and are currently in preview. An issue was discovered that allows an Access List Owner to assign arbitrary permissions, including to themselves, which could result in privilege escalation.
Patches
Fixed in versions 14.2.4 and 13.4.13.
Critical severity • GitHub Reviewed • Published Dec 29, 2023 in gravitational/teleport • Updated Jan 3, 2024
Package
gomod github.com/gravitational/teleport (Go)
Affected versions
>= 14.0.0, < 14.2.4
>= 13.0.0, < 13.4.13
Patched versions
14.2.4
13.4.13
References
- GHSA-76cc-p55w-63g3
Published to the GitHub Advisory Database
Jan 3, 2024