Goteleport

goteleport

5 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-38599 1Goteleport 1Teleport Apr 23, 2025 Dec 8, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 was discovered to contain an information leak via the /user/get-role-list web interface.
CVE-2022-36633 1Goteleport 1Teleport Nov 21, 2024 Aug 24, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url enc...Show more Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social engineering attack. This is fully unauthenticated attack utilizing the trusted teleport server to deliver the payload.Show less
CVE-2021-41395 1Goteleport 1Teleport Nov 21, 2024 Sep 18, 2021 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username.
CVE-2021-41394 1Goteleport 1Teleport Nov 21, 2024 Sep 18, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations.
CVE-2021-41393 1Goteleport 1Teleport Nov 21, 2024 Sep 18, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations.