CVEFinder.io

CVE-2023-37268

🔶 medium
🔍 Scan for this CVE
Summary

Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled an attacker may authenticate as an other user. Any user account which does not have a second factor enabled could be compromised. This issue has been addressed in commit `8173f6512a` and in releases starting with version 0.7.3. Users are advised to upgrade. Users unable to upgrade should require their users to use a second factor in authentication.

CVSS Score
6.4
Medium
EPSS Score
0.2
Exploit Probability
Published Date
2023-07-14
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 41.0% of all 321,566 vulnerabilities in our database.

#189,610
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Oct 18, 2024
🔍 Exploitation Status
Poc
Proof-of-concept available
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2024-11-21
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
CWE IDs (Weakness Types)
CWE-287

📦 Affected Products 1

Vendor Product Status Affected Versions
warpgate_project warpgate Affected
v0.7.2

🔗 References 2

https://github.com/warp-tech/warpgate/commit/8173f65...
Patch
https://github.com/warp-tech/warpgate/security/advis...
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-44347 🔶 medium 5.8 0.0 Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate ... 2026-05-12
CVE-2026-42189 ⚠️ high 7.5 0.2 Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerabili... 2026-05-08
CVE-2025-54804 🔶 medium 6.5 0.1 Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH ... 2025-08-05
CVE-2024-43410 ⚠️ high 7.5 0.6 Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to... 2024-08-21
CVE-2023-48712 ⚠️ high 7.1 0.2 Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escala... 2023-11-24
CVE-2023-43660 🔶 medium 4.8 0.0 Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. The SSH key verif... 2023-09-27
These CVEs affect the same products