CVE-2021-41395
6.5 MEDIUMTeleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted d...
Published: 2021-09-18 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 6.5 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected products
| Vendor | Product |
|---|---|
| goteleport | teleport |
Description
Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-41395
- [Patch]https://github.com/gravitational/teleport/releases/tag/v6.2.12
- [Patch]https://github.com/gravitational/teleport/releases/tag/v7.1.1
- [Patch]https://github.com/gravitational/teleport/releases/tag/v6.2.12
- [Patch]https://github.com/gravitational/teleport/releases/tag/v7.1.1
Related CVEs
Same vendor
- CVE-2021-41394 — Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations (5.3 MEDIUM)
- CVE-2021-41393 — Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations (9.8 CRITICAL)