Skip to main content

Teleport

7 CVEs product

Monthly

CVE-2022-38599 MEDIUM POC This Month

Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 was discovered to contain an information leak via the /user/get-role-list web interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Teleport
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-36633 Go HIGH POC PATCH THREAT This Week

Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Teleport
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
49.5%
CVE-2021-41395 MEDIUM PATCH This Month

Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Teleport
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-41394 MEDIUM PATCH This Month

Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Teleport
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-41393 CRITICAL PATCH Act Now

Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Teleport
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2018-19555 HIGH POC This Week

tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Teleport
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-19301 MEDIUM POC This Month

tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted username is mishandled when an administrator later views the system log. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Teleport
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 was discovered to contain an information leak via the /user/get-role-list web interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Teleport
NVD GitHub VulDB
EPSS 49% CVSS 8.8
HIGH POC PATCH THREAT This Week

Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Teleport
NVD GitHub Exploit-DB
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Teleport
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Teleport
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Teleport
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Teleport
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted username is mishandled when an administrator later views the system log. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Teleport
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy