CVE-2021-41395: 
Teleport vulnerability analysis and mitigation

Teleport before 6.2.12 and 7.x before 7.1.1 contains a security vulnerability that allows attackers to control a database connection string in certain situations via a crafted database name or username (Teleport Release, Teleport Release). The vulnerability was discovered in September 2021 and affects the Database Access component of Teleport.

When connecting to a Postgres database, an attacker could craft a database name or username in a way that would allow them control over the resulting connection string. This could enable the attacker to probe connections to other reachable database servers and alter connection parameters, such as disabling TLS or connecting to a database authenticated by password. The vulnerability has a CVSS v3.1 base score of 6.5 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) (NVD).

The vulnerability allows attackers to potentially probe connections to other reachable database servers and modify connection parameters. This could result in unauthorized access to databases, the ability to disable security features like TLS, or connect to password-authenticated databases (Teleport Release).

Users are strongly recommended to upgrade to the patched versions: Teleport 7.1.1 for 7.x users or Teleport 6.2.12 for 6.x users. If upgrading all components is not possible, priority should be given to upgrading tsh and Teleport agents that use reverse tunnels. The upgrade should follow the normal Teleport upgrade procedure (Teleport Release).