Insufficient Session Expiration Affecting github.com/gravitational/teleport/lib/service package, versions <13.4.26, >=14.0.0 <14.3.20, >=15.0.0 <15.3.6
- Snyk ID SNYK-GOLANG-GITHUBCOMGRAVITATIONALTELEPORTLIBSERVICE-7086071
- published 24 May 2024
- disclosed 24 May 2024
- credit Unknown
How to fix?
Upgrade github.com/gravitational/teleport/lib/service to version 13.4.26, 14.3.20, 15.3.6 or higher.
Overview
Affected versions of this package are vulnerable to Insufficient Session Expiration due to not terminating some long-running mTLS-authenticated connections past the expiry of client certificates for users with the disconnect_expired_cert option. This could allow such users to perform some API actions after their certificate has expired.
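The following is an added example, not Teleport's code or its fix: one way a Go server can tie the lifetime of a long-running connection to the client certificate's `NotAfter`, which is the behaviour the overview says was missing for some connections. The names `WrapWithCertExpiry`, `expiringConn` and `ErrCertExpired` are hypothetical, and the certificate and in-memory pipe in `demo` are constructed for illustration.

```go
package main

import (
	"crypto/x509"
	"errors"
	"fmt"
	"net"
	"time"
)

// ErrCertExpired replaces I/O errors once the peer certificate is past NotAfter.
var ErrCertExpired = errors.New("client certificate expired, connection closed")

// expiringConn (hypothetical name) ties a connection's lifetime to a certificate.
type expiringConn struct {
	net.Conn
	notAfter time.Time
}

// WrapWithCertExpiry closes c at cert.NotAfter even if the session is still open.
// A non-positive duration fires at once, so an already expired cert is cut off too.
// Production code would also stop the timer when the connection closes earlier.
func WrapWithCertExpiry(c net.Conn, cert *x509.Certificate) net.Conn {
	time.AfterFunc(time.Until(cert.NotAfter), func() { c.Close() })
	return &expiringConn{Conn: c, notAfter: cert.NotAfter}
}

// Read reports ErrCertExpired for any failure that occurs after expiry.
func (c *expiringConn) Read(p []byte) (n int, err error) {
	if n, err = c.Conn.Read(p); err != nil && !time.Now().Before(c.notAfter) {
		err = ErrCertExpired
	}
	return n, err
}

// demo uses an in-memory pipe and a constructed certificate valid for 200ms.
func demo() (before, after error) {
	client, server := net.Pipe()
	defer client.Close()
	cert := &x509.Certificate{NotAfter: time.Now().Add(200 * time.Millisecond)}
	conn := WrapWithCertExpiry(server, cert)
	go client.Write([]byte("ping"))
	buf := make([]byte, 4)
	_, before = conn.Read(buf) // certificate still valid: read succeeds
	_, after = conn.Read(buf)  // idle session: blocks until expiry closes it
	return before, after
}

func main() { fmt.Println(demo()) }
```

In an mTLS server the certificate would come from the verified peer chain of the TLS connection state rather than being constructed; the point is that the check runs on a timer for the life of the connection, not only at handshake time.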