<p>Upgrade <code>github.com/gravitational/teleport/lib/auth</code> to version 11.0.0-dev.6 or higher.</p>

auth package, versions <11.0.0-dev.6

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-GOLANG-GITHUBCOMGRAVITATIONALTELEPORTLIBAUTH-2960806
published 3 Aug 2022
disclosed 27 Jul 2022
credit Zac Bergquist

Report a new vulnerability Found a mistake?

Introduced: 27 Jul 2022

CWE-20 Open this link in a new tab

How to fix?

Upgrade github.com/gravitational/teleport/lib/auth to version 11.0.0-dev.6 or higher.

Overview

Affected versions of this package are vulnerable to Improper Input Validation due to missing token validation. The token value is provided via the HTTP request and inserted into the node-join script, which could allow an attacker to generate a node-join script with malicious code included.

References

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

Low
Privileges Required (PR)

Low
User Interaction (UI)

Required

Scope (S)

Changed

Confidentiality (C)

Low
Integrity (I)

Low
Availability (A)

Low

Improper Input Validation Affecting github.com/gravitational/teleport/lib/auth package, versions <11.0.0-dev.6

Severity

CVSS assessment made by Snyk's Security Team

Introduced: 27 Jul 2022

How to fix?

Overview

References

CVSS Scores

Snyk