The easiest, and most secure way to access and protect all of your infrastructure.
AGPL-3.0 License
Bot releases are hidden (Show)
Published by russjones about 3 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones about 3 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones about 3 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones about 3 years ago
This release of Teleport contains a feature.
tctl top
. #8338
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones about 3 years ago
This release of Teleport contains bug fixes and multiple features.
tsh ssh
support for Windows. #8306 #8221 #8295
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones about 3 years ago
This release of Teleport contains bug fixes, improvements, and multiple features.
kubeconfig
file. #7840
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones about 3 years ago
This release of Teleport contains multiple improvements.
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant about 3 years ago
This release of Teleport contains multiple bug fixes.
teleport configure
generating empty hostname for web proxy address. #8245
fsGroup
not being set in teleport-kube-agent chart when using persistent storage. #8085
public_addr
setting. #8258
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant about 3 years ago
This release of Teleport contains two bug fixes.
teleport configure
generating empty hostname for web proxy address. #8246
public_addr
setting. #8257
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant about 3 years ago
This release of Teleport contains multiple bug fixes and security fixes.
--bootstrap
flag. #8128
--request-nowait
flag. #7979
As part of a routine security audit of Teleport, several security vulnerabilities and miscellaneous issues were discovered in Teleport 4.4, 5, 6, and 7. We strongly suggest upgrading to the latest release.
Below are the issues found, their impact, and the components of Teleport they affect.
An attacker with privileged network position could forge SSH host certificates that Teleport would incorrectly validate in specific code paths.The specific paths of concern are:
Using tsh
with an identity file (commonly used for service accounts). This could lead to potentially leaking of sensitive commands the service account runs or in the case of proxy recording mode, the attacker could also gain control of the SSH agent being used.
Teleport agents could incorrectly connect to an attacker controlled cluster. Note, this would not give the attacker access or control of resources (like SSH, Kubernetes, Applications, or Database servers) because Teleport agents will still reject all connections without a valid x509 or SSH user certificate.
When connecting to a Postgres database, an attacker could craft a database name or a username in a way that would have allowed them control over the resulting connection string.
An attacker could have probed connections to other reachable database servers and alter connection parameters such as disable TLS or connect to a database authenticated by a password.
During an internal security exercise our engineers have discovered a vulnerability in Teleport build infrastructure affecting Teleport 4.4, 5, 6, and 7 that could have been potentially used to alter build artifacts. We have found no evidence of any exploitation. In an effort to be open and transparent with our customers, we encourage all customers to upgrade to the latest patch release.
For all users, we recommend upgrading all components of their Teleport cluster. If upgrading all components is not possible, we recommend upgrading tsh
and Teleport agents (including trusted cluster proxies) that use reverse tunnels.
Upgrades should follow the normal Teleport upgrade procedure: https://goteleport.com/teleport/docs/admin-guide/#upgrading-teleport.
You will no longer be able to connect to OpenSSH nodes that present public keys or certificates not signed by Teleport via web UI. Use OpenSSH client or tsh with insecure flag to connect to such nodes.
Download one of the following releases to mitigate the issue:
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant about 3 years ago
This release of Teleport contains multiple security fixes.
As part of a routine security audit of Teleport, several security vulnerabilities and miscellaneous issues were discovered in Teleport 4.4, 5, 6, and 7. We strongly suggest upgrading to the latest release.
Below are the issues found, their impact, and the components of Teleport they affect.
An attacker with privileged network position could forge SSH host certificates that Teleport would incorrectly validate in specific code paths.The specific paths of concern are:
Using tsh
with an identity file (commonly used for service accounts). This could lead to potentially leaking of sensitive commands the service account runs or in the case of proxy recording mode, the attacker could also gain control of the SSH agent being used.
Teleport agents could incorrectly connect to an attacker controlled cluster. Note, this would not give the attacker access or control of resources (like SSH, Kubernetes, Applications, or Database servers) because Teleport agents will still reject all connections without a valid x509 or SSH user certificate.
When connecting to a Postgres database, an attacker could craft a database name or a username in a way that would have allowed them control over the resulting connection string.
An attacker could have probed connections to other reachable database servers and alter connection parameters such as disable TLS or connect to a database authenticated by a password.
During an internal security exercise our engineers have discovered a vulnerability in Teleport build infrastructure affecting Teleport 4.4, 5, 6, and 7 that could have been potentially used to alter build artifacts. We have found no evidence of any exploitation. In an effort to be open and transparent with our customers, we encourage all customers to upgrade to the latest patch release.
For all users, we recommend upgrading all components of their Teleport cluster. If upgrading all components is not possible, we recommend upgrading tsh
and Teleport agents (including trusted cluster proxies) that use reverse tunnels.
Upgrades should follow the normal Teleport upgrade procedure: https://goteleport.com/teleport/docs/admin-guide/#upgrading-teleport.
You will no longer be able to connect to OpenSSH nodes that present public keys or certificates not signed by Teleport via web UI. Use OpenSSH client or tsh with insecure flag to connect to such nodes.
Download one of the following releases to mitigate the issue:
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant about 3 years ago
This release of Teleport contains multiple security fixes.
As part of a routine security audit of Teleport, several security vulnerabilities and miscellaneous issues were discovered in Teleport 4.4, 5, 6, and 7. We strongly suggest upgrading to the latest release.
Below are the issues found, their impact, and the components of Teleport they affect.
An attacker with privileged network position could forge SSH host certificates that Teleport would incorrectly validate in specific code paths.The specific paths of concern are:
Using tsh
with an identity file (commonly used for service accounts). This could lead to potentially leaking of sensitive commands the service account runs or in the case of proxy recording mode, the attacker could also gain control of the SSH agent being used.
Teleport agents could incorrectly connect to an attacker controlled cluster. Note, this would not give the attacker access or control of resources (like SSH, Kubernetes, or Applications servers) because Teleport agents will still reject all connections without a valid x509 or SSH user certificate.
During an internal security exercise our engineers have discovered a vulnerability in Teleport build infrastructure affecting Teleport 4.4, 5, 6, and 7 that could have been potentially used to alter build artifacts. We have found no evidence of any exploitation. In an effort to be open and transparent with our customers, we encourage all customers to upgrade to the latest patch release.
For all users, we recommend upgrading all components of their Teleport cluster. If upgrading all components is not possible, we recommend upgrading tsh
and Teleport agents (including trusted cluster proxies) that use reverse tunnels.
Upgrades should follow the normal Teleport upgrade procedure: https://goteleport.com/teleport/docs/admin-guide/#upgrading-teleport.
You will no longer be able to connect to OpenSSH nodes that present public keys or certificates not signed by Teleport via web UI. Use OpenSSH client or tsh with insecure flag to connect to such nodes.
Download one of the following releases to mitigate the issue:
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant about 3 years ago
This release of Teleport contains multiple security fixes.
As part of a routine security audit of Teleport, several security vulnerabilities and miscellaneous issues were discovered in Teleport 4.4, 5, 6, and 7. We strongly suggest upgrading to the latest release.
Below are the issues found, their impact, and the components of Teleport they affect.
An attacker with privileged network position could forge SSH host certificates that Teleport would incorrectly validate in specific code paths.The specific paths of concern are:
Using tsh
with an identity file (commonly used for service accounts). This could lead to potentially leaking of sensitive commands the service account runs or in the case of proxy recording mode, the attacker could also gain control of the SSH agent being used.
Teleport agents could incorrectly connect to an attacker controlled cluster. Note, this would not give the attacker access or control of resources (like SSH, Kubernetes servers) because Teleport agents will still reject all connections without a valid x509 or SSH user certificate.
During an internal security exercise our engineers have discovered a vulnerability in Teleport build infrastructure affecting Teleport 4.4, 5, 6, and 7 that could have been potentially used to alter build artifacts. We have found no evidence of any exploitation. In an effort to be open and transparent with our customers, we encourage all customers to upgrade to the latest patch release.
For all users, we recommend upgrading all components of their Teleport cluster. If upgrading all components is not possible, we recommend upgrading tsh
and Teleport agents (including trusted cluster proxies) that use reverse tunnels.
Upgrades should follow the normal Teleport upgrade procedure: https://goteleport.com/teleport/docs/admin-guide/#upgrading-teleport.
You will no longer be able to connect to OpenSSH nodes that present public keys or certificates not signed by Teleport via web UI. Use OpenSSH client or tsh with insecure flag to connect to such nodes.
Download one of the following releases to mitigate the issue:
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by r0mant about 3 years ago
This release of Teleport contains two bug fixes.
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones about 3 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones about 3 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones about 3 years ago
Pre-releases are not production ready, use at your own risk!
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones about 3 years ago
This release of Teleport contains an improvement and new feature.
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones about 3 years ago
This release of Teleport contains an improvement and new feature.
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.
Published by russjones about 3 years ago
This release of Teleport contains an improvement and new feature.
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.