This is a limited version of a notification we have sent to customers. If you are a customer, refer to the original communication and FAQ we sent you for more details.
Teleport security engineers have identified a critical security vulnerability that could allow remote authentication bypass of Teleport .
Teleport Cloud Infrastructure and CI/CD build, test, and release infrastructure aren’t affected.
For the full mitigation, we require you to upgrade both Proxy and Teleport agents. We also strongly recommend updating clients to the released patch versions as a precaution.
Fixed in versions: 17.5.2, 16.5.12, 15.5.3, 14.4.1, 13.4.27, 12.4.35.
We are designating these versions as Critical Security Exception Versions.
For these specific patch versions of Teleport Community Edition, we are removing Community Edition restrictions on employee count or revenue thresholds, as long as you apply the patch within thirty (30) days of its official release. Please read the full text of the updated Teleport Community Edition license for details.