Aggregates CVE and security vulnerability intelligence across all goteleport-related products, including CVSS scores, EPSS percentages, and publication and update dates.
Historical issues mainly involve command injection and related security problems (vendor risk), affecting software deployment and production workload scenarios (vendor surface).
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-38599 | Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 were discovered to contain an information leak via the /user/get-role-list web interface. | [email protected] | 6.5 | 0.34% | 2022-12-08 | 2025-04-23 |
| CVE-2022-36633 | Teleport 9.3.6 is vulnerable to command injection leading to remote code execution. An attacker can craft a malicious SSH agent installation link by URL-encoding a bash escape with carriage return line feed. This URL-encoded payload can be used in place of a token and sent to a user in a social engineering attack. This is a fully unauthenticated attack utilizing the trusted Teleport server to deliver the payload. | [email protected] | 8.8 | 30.29% | 2022-08-24 | 2024-11-21 |
| CVE-2021-41395 | Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username. | [email protected] | 6.5 | 0.22% | 2021-09-18 | 2024-11-21 |
| CVE-2021-41394 | Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations. | [email protected] | 5.3 | 0.29% | 2021-09-18 | 2024-11-21 |
| CVE-2021-41393 | Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations. | [email protected] | 9.8 | 0.40% | 2021-09-18 | 2024-11-21 |