CVE-2023-48712

Published: Nov 24, 2023

Modified: Aug 2, 2024

PUBLISHED

CVSS v3.1

7.1

HIGH

Description

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows an admin username, opens the login screen and attempts to authenticate with an incorrect password they can subsequently enter a valid non-admin username and password they will be logged in as the admin user. All installations prior to version 0.9.0 are affected. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Vendor	Product	Versions
warp-tech	warpgate	affected `< 0.9.0`

Weaknesses (CWE)

CWE-863

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://github.com/warp-tech/warpgate/security/advisories/GHSA-c94j-vqr5-3mxr

x_refsource_CONFIRM

https://github.com/warp-tech/warpgate/commit/e3b26b2699257b9482dce2e9157bd9b5e05d9c76

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-48712

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References