3.1.9
This release of Teleport contains a security fix.
Description
As part of a routine security audit of Teleport, a security vulnerability was discovered that affects recent Teleport releases (3.2, 3.1, and 3.0).
Details
Due to a flaw in session handling logic, a user with valid credentials and a valid session ID can prevent a session from being recorded in the Audit Log.
This vulnerability can only be exploited by clients that have valid user credentials and access to a valid session ID, and only within a small time window. There is no known way for non-authenticated users outside the cluster to exploit this vulnerability.
Actions
To mitigate the issue, nodes, proxies, and auth servers should be upgraded to the patched release. Upgrades should follow the normal Teleport upgrade procedure: https://gravitational.com/teleport/docs/admin-guide/#upgrading-teleport.
Download
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.