PT-2024-40333 · Teleport · Teleport

Published: 2024-01-03 · Updated: 2024-01-03

Severity: None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions

Teleport versions prior to 12.4.31
Teleport versions prior to 13.4.13
Teleport versions prior to 14.2.4

Description

An authenticated attacker with valid credentials can perform non-blind Server-Side Request Forgery (SSRF) through the proxy and/or agents against arbitrary hosts. This issue affects users of the Teleport library. To mitigate SSRF, it is recommended to restrict outbound network connections to only the necessary services, such as the Auth Service, SSO provider, agents, databases, or applications. In cloud environments, careful attention should be paid to cloud resources accessible from the proxy.

Recommendations

For versions prior to 12.4.31, update to version 12.4.31 or later.
For versions prior to 13.4.13, update to version 13.4.13 or later.
For versions prior to 14.2.4, update to version 14.2.4 or later.

As a temporary workaround, consider implementing strict network controls from the Teleport Proxy and Teleport Agents to reduce potential exposure from this issue. Restrict access to the proxy and agents to minimize the risk of exploitation.

Related Identifiers

GHSA-HW4X-MCX5-9Q36

Affected Products

Teleport