Gravitational Teleport v4.1.10 Release Notes

Release Date: 2020-04-01 // almost 4 years ago
  • 🚀 As part of a routine security audit of Teleport, a security vulnerability was discovered that affects all recent releases of Teleport. We strongly suggest upgrading to the latest patched release to mitigate this vulnerability.

    Details

    💻 Due to a flaw in how the Teleport Web UI handled host certificate validation, host certificate validation was disabled for clusters where connections were terminated at the node. This means that an attacker could impersonate a Teleport node without detection when connecting through the Web UI.

    Clusters where sessions were terminated at the proxy (recording proxy mode) are not affected.

    💻 Command line programs like tsh (or ssh) are not affected by this vulnerability.

    Actions

    ⬆️ To mitigate this issue, upgrade and restart all Teleport proxy processes.

    Downloads

    🚀 Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.