Teleport 2.7.7
Teleport 2.7.7 contains a security fix. We strongly encourage anyone running Teleport 2.7.6 to upgrade.
Bug Fixes
Due to a flaw in the internal RBAC verification logic, a compromised node, trusted cluster or authenticated non-privileged user can craft a special request to Teleport's internal auth server API to elevate privileges and gain administrative access to the Teleport cluster.
This vulnerability can only be exploited by previously authenticated clients; there is no known way to exploit it from outside the cluster by non-authenticated clients.
To mitigate the issue, auth servers have to be upgraded.
Also upgraded Go to 1.11.4 to mitigate CVE-2018-16875 (CPU denial of service in chain validation in Go).
Download
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.