github gravitational/teleport v5.0.2
Teleport 5.0.2

3 years ago

This release of Teleport contains a security fix.

  • Mitigated CVE-2020-29509 by updating github.com/russellhaering/gosaml2.

Details

A vulnerability was discovered in the github.com/russellhaering/gosaml2 library, which Teleport uses for SSO authentication via the SAML protocol.

With a carefully crafted SAML response, an attacker could inject malicious content that bypasses signature validation, permitting a full authentication bypass.

Actions

All Enterprise SSO users using Okta, Active Directory, OneLogin or custom SAML connectors should upgrade their auth servers to the latest release of Teleport.

If you are unable to upgrade immediately, we suggest disabling SAML connectors for all clusters until the updates can be applied.

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
