Description
This release of Teleport contains 3 security fixes as well as multiple improvements and bug fixes.
[Critical] Privilege escalation via host user creation
When using automatic Linux user creation, an attacker could exploit a race condition in the user creation functionality to create arbitrary files on the system as root writable by the created user.
This could allow the attacker to escalate their privileges to root.
Users who aren't using automatic Linux host user creation aren’t affected by this vulnerability.
[High] Insufficient auth token verification when signing self-hosted database certificates
When signing self-hosted database certificates, Teleport did not sufficiently validate the authorization token type.
This could allow an attacker to sign valid database access certificates using a guessed authorization token name.
Users who aren’t using self-hosted database access aren’t affected by this vulnerability.
[High] Privilege escalation via untrusted config file on Windows
When loading the global tsh configuration file tsh.yaml on Windows, Teleport would look for the file in a potentially untrusted directory.
This could allow a malicious user to create harmful command aliases for all tsh users on the system.
Users who aren’t using tsh on Windows aren’t affected by this vulnerability.
Other fixes and improvements
- Fixed directory sharing in Desktop Access for non-ascii directory names. #31922
- Fixed desktop sessions' viewport size to the size of browser window at session start. #31522
- Updated OpenSSL to 3.0.11 #32167
Download
Download the current and previous releases of Teleport at https://goteleport.com/download.
labels: security-patch=yes, security-patch-alts=v11.3.24