Skip to content

Teleport 3.0.3
Compare
Choose a tag to compare
@russjones russjones released this 10 Jan 19:19
· 17659 commits to master since this release
v3.0.3
2eaa703

Teleport 3.0.3 contains a security fix. We strongly encourage anyone running Teleport 3.0.2 to upgrade.

Bug Fixes

Due to the flaw in internal RBAC verification logic, a compromised node, trusted cluster or authenticated non-privileged user can craft special request to Teleport's internal auth server API to elevate the privileges and gain administrative access to the Teleport cluster.

This vulnerability could be only exploited using previously authenticated clients, there is no known way to exploit this vulnerability outside the cluster by non-authenticated clients.

To mitigate the issue, auth servers have to be upgraded.

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.

Assets 2
Loading