Search criteria
5 vulnerabilities by warpgate_project
CVE-2025-54804 (GCVE-0-2025-54804)
Vulnerability from cvelistv5 – Published: 2025-08-05 00:05 – Updated: 2025-08-05 14:44
VLAI?
Title
Russh is missing an overflow check during channel windows adjust
Summary
Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an internal state value. This can result in a integer overflow. If the Rust code is compiled with overflow checks, it will panic. A malicious client can crash a server. This is fixed in version 0.54.1.
Severity ?
6.5 (Medium)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54804",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T14:44:02.759774Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T14:44:05.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Eugeny/russh/security/advisories/GHSA-h5rc-j5f5-3gcm"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "russh",
"vendor": "Eugeny",
"versions": [
{
"status": "affected",
"version": "\u003c 0.54.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Russh is a Rust SSH client \u0026 server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an internal state value. This can result in a integer overflow. If the Rust code is compiled with overflow checks, it will panic. A malicious client can crash a server. This is fixed in version 0.54.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T00:05:20.971Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Eugeny/russh/security/advisories/GHSA-h5rc-j5f5-3gcm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Eugeny/russh/security/advisories/GHSA-h5rc-j5f5-3gcm"
},
{
"name": "https://github.com/Eugeny/russh/commit/0eb5e406780890e21ff71dd25d731b30676478e5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Eugeny/russh/commit/0eb5e406780890e21ff71dd25d731b30676478e5"
}
],
"source": {
"advisory": "GHSA-h5rc-j5f5-3gcm",
"discovery": "UNKNOWN"
},
"title": "Russh is missing an overflow check during channel windows adjust"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54804",
"datePublished": "2025-08-05T00:05:20.971Z",
"dateReserved": "2025-07-29T16:50:28.395Z",
"dateUpdated": "2025-08-05T14:44:05.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43410 (GCVE-0-2024-43410)
Vulnerability from cvelistv5 – Published: 2024-08-21 15:09 – Updated: 2024-08-21 15:35
VLAI?
Title
Russh has an OOM Denial of Service due to allocation of untrusted amount
Summary
Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length.
After parsing and potentially decrypting the 4-byte length, russh allocates enough memory for this bytestream, as a performance optimization to avoid reallocations later. But this length is entirely untrusted and can be set to any value by the client, causing this much memory to be allocated, which will cause the process to OOM within a few such requests. This vulnerability is fixed in 0.44.1.
Severity ?
7.5 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:russh_project:russh:*:*:*:*:*:rust:*:*"
],
"defaultStatus": "unknown",
"product": "russh",
"vendor": "russh_project",
"versions": [
{
"lessThan": "0.44.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43410",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T15:33:37.660659Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T15:35:25.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "russh",
"vendor": "Eugeny",
"versions": [
{
"status": "affected",
"version": "\u003c 0.44.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Russh is a Rust SSH client \u0026 server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length.\nAfter parsing and potentially decrypting the 4-byte length, russh allocates enough memory for this bytestream, as a performance optimization to avoid reallocations later. But this length is entirely untrusted and can be set to any value by the client, causing this much memory to be allocated, which will cause the process to OOM within a few such requests. This vulnerability is fixed in 0.44.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T15:09:34.316Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Eugeny/russh/security/advisories/GHSA-vgvv-x7xg-6cqg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Eugeny/russh/security/advisories/GHSA-vgvv-x7xg-6cqg"
},
{
"name": "https://github.com/Eugeny/russh/commit/f660ea3f64b86d11d19e33076012069f02431e55",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Eugeny/russh/commit/f660ea3f64b86d11d19e33076012069f02431e55"
}
],
"source": {
"advisory": "GHSA-vgvv-x7xg-6cqg",
"discovery": "UNKNOWN"
},
"title": "Russh has an OOM Denial of Service due to allocation of untrusted amount"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-43410",
"datePublished": "2024-08-21T15:09:34.316Z",
"dateReserved": "2024-08-12T18:02:04.967Z",
"dateUpdated": "2024-08-21T15:35:25.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48712 (GCVE-0-2023-48712)
Vulnerability from cvelistv5 – Published: 2023-11-24 17:02 – Updated: 2024-08-02 21:37
VLAI?
Title
User authorization bug leading to privilege escalation in warpgate
Summary
Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows an admin username, opens the login screen and attempts to authenticate with an incorrect password they can subsequently enter a valid non-admin username and password they will be logged in as the admin user. All installations prior to version 0.9.0 are affected. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
7.1 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:54.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-c94j-vqr5-3mxr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-c94j-vqr5-3mxr"
},
{
"name": "https://github.com/warp-tech/warpgate/commit/e3b26b2699257b9482dce2e9157bd9b5e05d9c76",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/warp-tech/warpgate/commit/e3b26b2699257b9482dce2e9157bd9b5e05d9c76"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "warpgate",
"vendor": "warp-tech",
"versions": [
{
"status": "affected",
"version": "\u003c 0.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user\u0027s account. Limited users can impersonate another user\u0027s account if only single-factor authentication is configured. If a user knows an admin username, opens the login screen and attempts to authenticate with an incorrect password they can subsequently enter a valid non-admin username and password they will be logged in as the admin user. All installations prior to version 0.9.0 are affected. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-24T17:02:59.929Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-c94j-vqr5-3mxr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-c94j-vqr5-3mxr"
},
{
"name": "https://github.com/warp-tech/warpgate/commit/e3b26b2699257b9482dce2e9157bd9b5e05d9c76",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/warp-tech/warpgate/commit/e3b26b2699257b9482dce2e9157bd9b5e05d9c76"
}
],
"source": {
"advisory": "GHSA-c94j-vqr5-3mxr",
"discovery": "UNKNOWN"
},
"title": "User authorization bug leading to privilege escalation in warpgate"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-48712",
"datePublished": "2023-11-24T17:02:59.929Z",
"dateReserved": "2023-11-17T19:43:37.555Z",
"dateUpdated": "2024-08-02T21:37:54.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43660 (GCVE-0-2023-43660)
Vulnerability from cvelistv5 – Published: 2023-09-27 21:00 – Updated: 2024-09-20 19:34
VLAI?
Title
SSH key password bypassed in warpgate
Summary
Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. The SSH key verification for a user can be bypassed by sending an SSH key offer without a signature. This allows bypassing authentication under following conditions: 1. The attacker knows the username and a valid target name 2. The attacked knows the user's public key and 3. Only SSH public key authentication is required for the user account. This issue has been addressed in version 0.8.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
4.8 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:43.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-3cjp-w4cp-m9c8",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-3cjp-w4cp-m9c8"
},
{
"name": "https://github.com/warp-tech/warpgate/commit/a4df7f7a21395cfaee7a9789d1e3846290caeb63",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/warp-tech/warpgate/commit/a4df7f7a21395cfaee7a9789d1e3846290caeb63"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T17:51:05.559514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T19:34:17.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "warpgate",
"vendor": "warp-tech",
"versions": [
{
"status": "affected",
"version": "\u003c 0.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn\u0027t need special client apps. The SSH key verification for a user can be bypassed by sending an SSH key offer without a signature. This allows bypassing authentication under following conditions: 1. The attacker knows the username and a valid target name 2. The attacked knows the user\u0027s public key and 3. Only SSH public key authentication is required for the user account. This issue has been addressed in version 0.8.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-27T21:00:29.827Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-3cjp-w4cp-m9c8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-3cjp-w4cp-m9c8"
},
{
"name": "https://github.com/warp-tech/warpgate/commit/a4df7f7a21395cfaee7a9789d1e3846290caeb63",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/warp-tech/warpgate/commit/a4df7f7a21395cfaee7a9789d1e3846290caeb63"
}
],
"source": {
"advisory": "GHSA-3cjp-w4cp-m9c8",
"discovery": "UNKNOWN"
},
"title": "SSH key password bypassed in warpgate"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-43660",
"datePublished": "2023-09-27T21:00:29.827Z",
"dateReserved": "2023-09-20T15:35:38.148Z",
"dateUpdated": "2024-09-20T19:34:17.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37268 (GCVE-0-2023-37268)
Vulnerability from cvelistv5 – Published: 2023-07-14 21:02 – Updated: 2024-10-18 17:41
VLAI?
Title
User login confusion with SSO in warpgate
Summary
Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled an attacker may authenticate as an other user. Any user account which does not have a second factor enabled could be compromised. This issue has been addressed in commit `8173f6512a` and in releases starting with version 0.7.3. Users are advised to upgrade. Users unable to upgrade should require their users to use a second factor in authentication.
Severity ?
6.4 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:09:33.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4"
},
{
"name": "https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:warpgate_project:warpgate:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "warpgate",
"vendor": "warpgate_project",
"versions": [
{
"lessThan": "0.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37268",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-18T17:30:49.816727Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T17:41:24.928Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "warpgate",
"vendor": "warp-tech",
"versions": [
{
"status": "affected",
"version": "\u003c 0.7.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn\u0027t need special client apps. When logging in as a user with SSO enabled an attacker may authenticate as an other user. Any user account which does not have a second factor enabled could be compromised. This issue has been addressed in commit `8173f6512a` and in releases starting with version 0.7.3. Users are advised to upgrade. Users unable to upgrade should require their users to use a second factor in authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-14T21:02:00.786Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4"
},
{
"name": "https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e"
}
],
"source": {
"advisory": "GHSA-868r-97g5-r9g4",
"discovery": "UNKNOWN"
},
"title": "User login confusion with SSO in warpgate"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-37268",
"datePublished": "2023-07-14T21:02:00.786Z",
"dateReserved": "2023-06-29T19:35:26.438Z",
"dateUpdated": "2024-10-18T17:41:24.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}