Skip to content

User-provided environment values allow execution on macOS agents

High
reedloden published GHSA-vfxf-76hv-v4w4 Dec 29, 2023

Package

macOS Teleport Agent

Affected versions

>=14.0.0, <14.2.4
>=13.0.0, <13.4.13
<12.4.31

Patched versions

14.2.4
13.4.13
12.4.31

Description

Impact

Agents running on macOS could be susceptible to unexpected code execution through user supplied environment variables.

Patches

Fixed in versions 14.2.4, 13.4.13 and 12.4.31.

References

Severity

High

CVE ID

No known CVE

Weaknesses

Credits