Withdrawn Advisory: User-provided environment values allow execution on macOS agents
Agents running on macOS could be susceptible to unexpected code execution through user-supplied environment variables.
An authenticated attacker with valid credentials (user or host) can make non-blind Server-Side Request Forgery (SSRF) through the proxy and/or agents to arbitrary hosts. During investigation of this functionality, it was discovered that there are several permutations where this SSRF is possible. This release addresses all but one: a root proxy administrator with access to the root proxy credentials can make requests through leaf proxies in Trusted Clusters. This behavior …
Impact: Access Lists are a new feature introduced in Teleport 14 and currently under preview. An issue was discovered that allows an Access List Owner to assign arbitrary permissions, including permissions to themselves which could result in privilege escalation.
Patches: Fixed in version 14.2.4 and 13.4.13
Impact: An attacker that has access to nodes within the cluster may be able to SFTP to the Proxy Service. The user's permissions on the Proxy server are still respected, so files can only be read or modified on the Proxy if the user has system access to read or write to them.
Patches: Fixed in versions 14.2.4, 13.4.13 and 12.4.31.
Workarounds: This issue can be mitigated by ensuring that …
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in github.com/gravitational/teleport.
Teleport 9.3.6 is vulnerable to command injection leading to Remote Code Execution. An attacker can craft a malicious SSH agent installation link by URL encoding a bash escape with carriage return line feed. This URL-encoded payload can be used in place of a token and sent to a user in a social engineering attack. This is a fully unauthenticated attack utilizing the trusted Teleport server to deliver the payload.