data/reports/GO-2024-2447.yaml - vulndb - Git at Google

 id: GO-2024-2447
 modules:
     - module: github.com/gravitational/teleport
       non_go_versions:
         - fixed: 12.4.31
         - introduced: 13.0.0
         - fixed: 13.4.13
         - introduced: 14.0.0
         - fixed: 14.2.4
       vulnerable_at: 3.2.17+incompatible
 summary: |-
     Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low
     privileged users in github.com/gravitational/teleport
 ghsas:
     - GHSA-hw4x-mcx5-9q36
 references:
     - advisory: https://github.com/gravitational/teleport/security/advisories/GHSA-hw4x-mcx5-9q36
     - fix: https://github.com/gravitational/teleport/commit/bb2d67d357e868254a21ed7cb132030d7bf9fcbc
     - fix: https://github.com/gravitational/teleport/pull/36127
 source:
     id: GHSA-hw4x-mcx5-9q36
     created: 2024-06-14T11:35:35.160981-04:00
 review_status: UNREVIEWED
 unexcluded: EFFECTIVELY_PRIVATE
	id: GO-2024-2447
	modules:
	- module: github.com/gravitational/teleport
	non_go_versions:
	- fixed: 12.4.31
	- introduced: 13.0.0
	- fixed: 13.4.13
	- introduced: 14.0.0
	- fixed: 14.2.4
	vulnerable_at: 3.2.17+incompatible
	summary: \|-
	Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low
	privileged users in github.com/gravitational/teleport
	ghsas:
	- GHSA-hw4x-mcx5-9q36
	references:
	- advisory: https://github.com/gravitational/teleport/security/advisories/GHSA-hw4x-mcx5-9q36
	- fix: https://github.com/gravitational/teleport/commit/bb2d67d357e868254a21ed7cb132030d7bf9fcbc
	- fix: https://github.com/gravitational/teleport/pull/36127
	source:
	id: GHSA-hw4x-mcx5-9q36
	created: 2024-06-14T11:35:35.160981-04:00
	review_status: UNREVIEWED
	unexcluded: EFFECTIVELY_PRIVATE