CVEFinder.io

CVE-2023-48712

⚠️ high
🔍 Scan for this CVE
Summary

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows an admin username, opens the login screen and attempts to authenticate with an incorrect password they can subsequently enter a valid non-admin username and password they will be logged in as the admin us

Description

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows an admin username, opens the login screen and attempts to authenticate with an incorrect password they can subsequently enter a valid non-admin username and password they will be logged in as the admin user. All installations prior to version 0.9.0 are affected. All users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS Score
7.1
High
EPSS Score
0.2
Exploit Probability
Published Date
2023-11-24
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 53.4% of all 321,566 vulnerabilities in our database.

#149,865
Above average severity
Severity Percentile
Last Modified 2024-11-21
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-863

📦 Affected Products 1

Vendor Product Status Affected Versions
warpgate_project warpgate Affected
≤ 0.8.1

🔗 References 2

https://github.com/warp-tech/warpgate/commit/e3b26b2...
Patch
https://github.com/warp-tech/warpgate/security/advis...
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-44347 🔶 medium 5.8 0.0 Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate ... 2026-05-12
CVE-2026-42189 ⚠️ high 7.5 0.2 Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerabili... 2026-05-08
CVE-2025-54804 🔶 medium 6.5 0.1 Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH ... 2025-08-05
CVE-2024-43410 ⚠️ high 7.5 0.6 Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to... 2024-08-21
CVE-2023-43660 🔶 medium 4.8 0.0 Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. The SSH key verif... 2023-09-27
CVE-2023-37268 🔶 medium 6.4 0.2 Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a u... 2023-07-14
These CVEs affect the same products