
Teleport 4.3.9

russjones released this 15 Dec 02:45

This release of Teleport contains a security fix.

  • Mitigated CVE-2020-29509 by updating github.com/russellhaering/gosaml2.

Details

A vulnerability was discovered in the github.com/russellhaering/gosaml2 library, which Teleport uses for SSO authentication via the SAML protocol.

With a carefully crafted SAML response, an attacker could inject malicious content that bypasses signature validation, permitting a full authentication bypass.

Actions

All Enterprise SSO users using Okta, Active Directory, OneLogin or custom SAML connectors should upgrade their auth servers to the latest release of Teleport.

If you are unable to upgrade immediately, we suggest disabling SAML connectors for all clusters until the updates can be applied.

Download

Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.