GHSA-76cc-p55w-63g3: Withdrawn Advisory: Teleport Access List owners can escalate their privileges

January 3, 2024 (updated September 6, 2024)

Access Lists are a new feature introduced in Teleport 14 and currently under preview. An issue was discovered that allows an Access List Owner to assign arbitrary permissions, including permissions to themselves which could result in privilege escalation.

References

github.com/advisories/GHSA-76cc-p55w-63g3
github.com/gravitational/teleport
github.com/gravitational/teleport/security/advisories/GHSA-76cc-p55w-63g3

Code Behaviors & Features

Detect and mitigate GHSA-76cc-p55w-63g3 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →