GHSA-76cc-p55w-63g3 – github.com/gravitational/teleport

Package

Manager: go
Name: github.com/gravitational/teleport
Vulnerable Version: <0

Severity

Level: Critical

CVSS v3.1: N/A

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

Withdrawn Advisory: Teleport Access List owners can escalate their privileges ## Withdrawn Advisory This advisory has been withdrawn because the vulnerability affects a binary, not a library in a [supported ecosystem](https://github.com/github/advisory-database#supported-ecosystems). Therefore, users of the library should not receive alerts. This link is maintained to preserve external references. ## Original Description ### Impact Access Lists are a new feature introduced in Teleport 14 and currently under preview. An issue was discovered that allows an Access List Owner to assign arbitrary permissions, including permissions to themselves which could result in privilege escalation. ### Patches Fixed in version 14.2.4 and 13.4.13

Metadata

Created: 2024-01-03T21:29:09Z
Modified: 2024-09-06T21:40:26Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-76cc-p55w-63g3/GHSA-76cc-p55w-63g3.json
CWE IDs: []
Alternative ID: N/A
Finding: N/A
Auto approve: 0