CVE-2023-37268

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-37268
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-37268.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-37268
Related
  • GHSA-868r-97g5-r9g4
Published
2023-07-14T22:15:09Z
Modified
2025-01-08T15:06:23.489250Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled, an attacker may authenticate as another user. Any user account which does not have a second factor enabled could be compromised. This issue has been addressed in commit 8173f6512a and in releases starting with version 0.7.3. Users are advised to upgrade. Users unable to upgrade should require their users to use a second factor in authentication.

References

Affected packages

Git / github.com/warp-tech/warpgate

Affected ranges

Type
GIT
Repo
https://github.com/warp-tech/warpgate
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v0.*

v0.1.0
v0.1.1
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.3.0
v0.4.0
v0.5.0
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.6.5
v0.6.6
v0.7.0
v0.7.1
v0.7.2