Teleport 4.2.7
As part of a routine security audit of Teleport, a security vulnerability was discovered that affects all recent releases of Teleport. We strongly suggest upgrading to the latest patched release to mitigate this vulnerability.
Details
Due to a flaw in how the Teleport Web UI handled host certificate validation, that validation was disabled for clusters where connections were terminated at the node. This means that an attacker could impersonate a Teleport node without detection when connecting through the Web UI.
Clusters where sessions were terminated at the proxy (recording proxy mode) are not affected.
Command line programs like tsh (or ssh) are not affected by this vulnerability.
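To illustrate why a disabled host certificate check lets a node be impersonated without detection, here is an added example that is not Teleport's code. It is a simplified model: HostCert, IssueHostCert, AcceptAny and VerifyAgainstCA are hypothetical names, and a plain Ed25519 signature stands in for the SSH certificate format.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// HostCert is a simplified stand-in for an SSH host certificate:
// the cluster's host CA signs the node's public key and hostname.
type HostCert struct {
	Hostname string
	HostKey  ed25519.PublicKey
	Sig      []byte // CA signature over signedBytes()
}

func (c HostCert) signedBytes() []byte {
	return append([]byte(c.Hostname+"\x00"), c.HostKey...)
}

// IssueHostCert models the host CA signing a node's key when it joins.
func IssueHostCert(ca ed25519.PrivateKey, hostname string, key ed25519.PublicKey) HostCert {
	c := HostCert{Hostname: hostname, HostKey: key}
	c.Sig = ed25519.Sign(ca, c.signedBytes())
	return c
}

// AcceptAny models the flawed state: validation is disabled, so every
// presented certificate is accepted, whoever signed it.
func AcceptAny(dialed string, p HostCert) error { return nil }

// VerifyAgainstCA models the intended check: the certificate must name
// the host being dialed and carry a signature from the trusted host CA.
func VerifyAgainstCA(caPub ed25519.PublicKey, dialed string, p HostCert) error {
	if p.Hostname != dialed {
		return errors.New("certificate is for a different host")
	}
	if !ed25519.Verify(caPub, p.signedBytes(), p.Sig) {
		return errors.New("certificate not signed by the cluster host CA")
	}
	return nil
}

func main() {
	caPub, _, _ := ed25519.GenerateKey(nil)              // cluster host CA (constructed)
	roguePub, roguePriv, _ := ed25519.GenerateKey(nil)   // key the CA never signed
	rogue := IssueHostCert(roguePriv, "node1", roguePub) // self-signed certificate
	fmt.Println("validation disabled:", AcceptAny("node1", rogue))
	fmt.Println("validation enabled: ", VerifyAgainstCA(caPub, "node1", rogue))
}
```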
Actions
To mitigate this issue, upgrade and restart all Teleport proxy processes.
Downloads
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.