TLDR: Teleport 2.0.5 fixes several security vulnerabilities. Upgrade here
We have identified several vulnerabilities in Teleport 2.0. The full list of changes can be seen in the release notes. They are relevant to the heavy users of Teleport web-UI.
As a result of this, we strongly recommend Teleport users upgrade to Teleport 2.0.5 as soon as possible.
The most pressing issues can be resolved by upgrading the web proxy which would mitigate most of the potential attacks, however all nodes should be upgraded to 2.0.5 as soon as possible to mitigate all vulnerabilities.
We will release a full report and more details in one week - our main goal is to let everyone to upgrade and not make it easy to exploit the vulnerabilities discovered for the folks who haven’t upgraded yet.
Teleport cybersecurity blog posts and tech news
Every other week we'll send a newsletter with the latest cybersecurity news and Teleport updates.
Upgrade to 2.0.5 here
Passkeys for Infrastructure
By Ben Arent
SFTP: a More Secure Successor to SCP
By Andrew LeFevre
SELinux, Dragons and Other Scary Things
By Jakub Nyckowski