N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-c9v7-wmwj-vf6x

EPSS Score

CWE

Published

1/3/2024

Updated

7/8/2024

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-c9v7-wmwj-vf6x

GHSA-c9v7-wmwj-vf6x: Withdrawn Advisory: SFTP is possible on the Proxy server for any user with SFTP access

Withdrawn Advisory

This advisory has been withdrawn because the vulnerability affects a binary, not a library in a supported ecosystem. Therefore, users of the library should not receive alerts. This link is maintained to preserve external references.

Original Description

Impact

An attacker that has access to nodes within the cluster may be able to SFTP to the Proxy Service. The user's permissions on the Proxy server are still respected, so files can only be read or modified on the Proxy if the user has system access to read or write to them.

Patches

Fixed in versions 14.2.4, 13.4.13 and 12.4.31.

Workarounds

This issue can be mitigated by ensuring that regular users do not have a valid principal on the proxy server. To be exploitable, the user's login must exist on a proxy server and the Teleport binary must have permissions to start a session with this user.

References

Fix PR: https://github.com/gravitational/teleport/pull/36136

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-c9v7-wmwj-vf6x

GHSA-c9v7-wmwj-vf6x:

N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-c9v7-wmwj-vf6x

EPSS Score

CWE

Published

1/3/2024

Updated

7/8/2024

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/gravitational/teleport	go	>= 14.0.0, < 14.2.4	14.2.4
github.com/gravitational/teleport	go	>= 13.0.0, < 13.4.13	13.4.13
github.com/gravitational/teleport	go	< 12.4.31	12.4.31

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from improper subsystem validation in proxy mode. The commit diff shows the parseSubsystemRequest() function was modified to add strict proxy mode checks, rejecting non-proxy subsystems like SFTP. Pre-patch code (visible in diff line 2195-2204) lacked this strict filtering, allowing attackers to request SFTP subsystem on proxy servers. The added test TestParseSubsystemRequest in sshserver_test.go explicitly verifies this restriction, confirming SFTP is blocked in proxy mode post-fix.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-c9v7-wmwj-vf6x: Withdrawn Advisory: SFTP is possible on the Proxy server for any user with SFTP access

Withdrawn Advisory

Original Description

Impact

Patches

Workarounds

References

GHSA-c9v7-wmwj-vf6x:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

N/A

N/A

Basic Information

Basic Information

Technical Details

GHSA-c9v7-wmwj-vf6x: Withdrawn Advisory: SFTP is possible on the Proxy server for any user with SFTP access

Withdrawn Advisory

Original Description

Impact

Patches

Workarounds

References

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI