Home > Vulnerability Database > CVE-2023-37268

Mend.io Vulnerability Database

CVE-2023-37268

Date: July 14, 2023

Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled an attacker may authenticate as an other user. Any user account which does not have a second factor enabled could be compromised. This issue has been addressed in commit "8173f6512a" and in releases starting with version 0.7.3. Users are advised to upgrade. Users unable to upgrade should require their users to use a second factor in authentication.

Language: RUST

Severity Score

6.4

Related Resources (4)

Url: https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e

Url: https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-37268

Url: https://www.mend.io/vulnerability-database/CVE-2023-37268

Severity Score

6.4

Weakness Type (CWE)

Improper Authentication

CWE-287

CVSS v3.1

Base Score:	6.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-37268

Date: July 14, 2023

Language: RUST

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?