Vulnerability Description
Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username.
CVSS Score
6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Goteleport | Teleport | >= 6.0, < 6.2.12 |
References
- https://github.com/gravitational/teleport/releases/tag/v6.2.12PatchRelease NotesThird Party Advisory
- https://github.com/gravitational/teleport/releases/tag/v7.1.1PatchRelease NotesThird Party Advisory
- https://github.com/gravitational/teleport/releases/tag/v6.2.12PatchRelease NotesThird Party Advisory
- https://github.com/gravitational/teleport/releases/tag/v7.1.1PatchRelease NotesThird Party Advisory
FAQ
What is CVE-2021-41395?
CVE-2021-41395 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username.
How severe is CVE-2021-41395?
CVE-2021-41395 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-41395?
Check the references section above for vendor advisories and patch information. Affected products include: Goteleport Teleport.