Vulnerabilites related to warp-tech - warpgate
CVE-2023-48712 (GCVE-0-2023-48712)
Vulnerability from cvelistv5
Published
2023-11-24 17:02
Modified
2024-08-02 21:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-863 - Incorrect Authorization
Summary
Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows an admin username, opens the login screen and attempts to authenticate with an incorrect password they can subsequently enter a valid non-admin username and password they will be logged in as the admin user. All installations prior to version 0.9.0 are affected. All users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:54.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-c94j-vqr5-3mxr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-c94j-vqr5-3mxr"
},
{
"name": "https://github.com/warp-tech/warpgate/commit/e3b26b2699257b9482dce2e9157bd9b5e05d9c76",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/warp-tech/warpgate/commit/e3b26b2699257b9482dce2e9157bd9b5e05d9c76"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "warpgate",
"vendor": "warp-tech",
"versions": [
{
"status": "affected",
"version": "\u003c 0.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user\u0027s account. Limited users can impersonate another user\u0027s account if only single-factor authentication is configured. If a user knows an admin username, opens the login screen and attempts to authenticate with an incorrect password they can subsequently enter a valid non-admin username and password they will be logged in as the admin user. All installations prior to version 0.9.0 are affected. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-24T17:02:59.929Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-c94j-vqr5-3mxr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-c94j-vqr5-3mxr"
},
{
"name": "https://github.com/warp-tech/warpgate/commit/e3b26b2699257b9482dce2e9157bd9b5e05d9c76",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/warp-tech/warpgate/commit/e3b26b2699257b9482dce2e9157bd9b5e05d9c76"
}
],
"source": {
"advisory": "GHSA-c94j-vqr5-3mxr",
"discovery": "UNKNOWN"
},
"title": "User authorization bug leading to privilege escalation in warpgate"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-48712",
"datePublished": "2023-11-24T17:02:59.929Z",
"dateReserved": "2023-11-17T19:43:37.555Z",
"dateUpdated": "2024-08-02T21:37:54.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37268 (GCVE-0-2023-37268)
Vulnerability from cvelistv5
Published
2023-07-14 21:02
Modified
2024-10-18 17:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication
Summary
Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled an attacker may authenticate as an other user. Any user account which does not have a second factor enabled could be compromised. This issue has been addressed in commit `8173f6512a` and in releases starting with version 0.7.3. Users are advised to upgrade. Users unable to upgrade should require their users to use a second factor in authentication.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:09:33.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4"
},
{
"name": "https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:warpgate_project:warpgate:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "warpgate",
"vendor": "warpgate_project",
"versions": [
{
"lessThan": "0.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37268",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-18T17:30:49.816727Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T17:41:24.928Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "warpgate",
"vendor": "warp-tech",
"versions": [
{
"status": "affected",
"version": "\u003c 0.7.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn\u0027t need special client apps. When logging in as a user with SSO enabled an attacker may authenticate as an other user. Any user account which does not have a second factor enabled could be compromised. This issue has been addressed in commit `8173f6512a` and in releases starting with version 0.7.3. Users are advised to upgrade. Users unable to upgrade should require their users to use a second factor in authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-14T21:02:00.786Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4"
},
{
"name": "https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e"
}
],
"source": {
"advisory": "GHSA-868r-97g5-r9g4",
"discovery": "UNKNOWN"
},
"title": "User login confusion with SSO in warpgate"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-37268",
"datePublished": "2023-07-14T21:02:00.786Z",
"dateReserved": "2023-06-29T19:35:26.438Z",
"dateUpdated": "2024-10-18T17:41:24.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43660 (GCVE-0-2023-43660)
Vulnerability from cvelistv5
Published
2023-09-27 21:00
Modified
2024-09-20 19:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication
Summary
Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. The SSH key verification for a user can be bypassed by sending an SSH key offer without a signature. This allows bypassing authentication under following conditions: 1. The attacker knows the username and a valid target name 2. The attacked knows the user's public key and 3. Only SSH public key authentication is required for the user account. This issue has been addressed in version 0.8.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:43.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-3cjp-w4cp-m9c8",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-3cjp-w4cp-m9c8"
},
{
"name": "https://github.com/warp-tech/warpgate/commit/a4df7f7a21395cfaee7a9789d1e3846290caeb63",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/warp-tech/warpgate/commit/a4df7f7a21395cfaee7a9789d1e3846290caeb63"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T17:51:05.559514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T19:34:17.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "warpgate",
"vendor": "warp-tech",
"versions": [
{
"status": "affected",
"version": "\u003c 0.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn\u0027t need special client apps. The SSH key verification for a user can be bypassed by sending an SSH key offer without a signature. This allows bypassing authentication under following conditions: 1. The attacker knows the username and a valid target name 2. The attacked knows the user\u0027s public key and 3. Only SSH public key authentication is required for the user account. This issue has been addressed in version 0.8.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-27T21:00:29.827Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-3cjp-w4cp-m9c8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-3cjp-w4cp-m9c8"
},
{
"name": "https://github.com/warp-tech/warpgate/commit/a4df7f7a21395cfaee7a9789d1e3846290caeb63",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/warp-tech/warpgate/commit/a4df7f7a21395cfaee7a9789d1e3846290caeb63"
}
],
"source": {
"advisory": "GHSA-3cjp-w4cp-m9c8",
"discovery": "UNKNOWN"
},
"title": "SSH key password bypassed in warpgate"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-43660",
"datePublished": "2023-09-27T21:00:29.827Z",
"dateReserved": "2023-09-20T15:35:38.148Z",
"dateUpdated": "2024-09-20T19:34:17.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}