The version of the tailscale package installed on the remote FreeBSD host is prior to the tested version (1.32.3). It is, therefore, affected by a vulnerability as referenced in the e0f26ac5-6a17-11ed-93e7-901b0e9408dc advisory.
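- Tailscale team reports: A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. According to the upstream advisory (TS-2022-005), the peer API was vulnerable to DNS rebinding, and the exposed environment variables may include credentials such as Tailscale authentication keys.
(CVE-2022-41925)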
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
{"id": "FREEBSD_PKG_E0F26AC56A1711ED93E7901B0E9408DC.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : tailscale -- Security vulnerability in the client (e0f26ac5-6a17-11ed-93e7-901b0e9408dc)", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e0f26ac5-6a17-11ed-93e7-901b0e9408dc advisory.\n\n - Tailscale team reports: A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables.\n (CVE-2022-41925)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2022-11-22T00:00:00", "modified": "2022-12-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.1, "impactScore": 6.0}, "href": "https://www.tenable.com/plugins/nessus/168042", "reporter": "This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["http://www.nessus.org/u?877c3838", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41925", "https://tailscale.com/security-bulletins/#ts-2022-005"], "cvelist": ["CVE-2022-41925"], "immutableFields": [], "lastseen": "2023-01-10T19:38:36", "viewCount": 13, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2022-41925"]}, {"type": "freebsd", "idList": ["E0F26AC5-6A17-11ED-93E7-901B0E9408DC"]}, {"type": "github", "idList": ["GHSA-QCCM-WMCQ-PWR6"]}, {"type": "osv", "idList": ["OSV:GHSA-QCCM-WMCQ-PWR6"]}, {"type": "veracode", "idList": ["VERACODE:38247"]}]}, "score": {"value": -0.4, "vector": "NONE"}, "vulnersScore": -0.4}, "_state": {"dependencies": 1673380138, "score": 1673379523}, "_internal": {"score_hash": "17f475add34b9a11e7bcf4d08d771074"}, "pluginID": "168042", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168042);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/02\");\n\n script_cve_id(\"CVE-2022-41925\");\n\n script_name(english:\"FreeBSD : tailscale -- Security vulnerability in the client (e0f26ac5-6a17-11ed-93e7-901b0e9408dc)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. 
It is, therefore, affected by a\nvulnerability as referenced in the e0f26ac5-6a17-11ed-93e7-901b0e9408dc advisory.\n\n - Tailscale team reports: A vulnerability identified in the Tailscale client allows a malicious\n website to access the peer API, which can then be used to access Tailscale environment variables.\n (CVE-2022-41925)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tailscale.com/security-bulletins/#ts-2022-005\");\n # https://vuxml.freebsd.org/freebsd/e0f26ac5-6a17-11ed-93e7-901b0e9408dc.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?877c3838\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41925\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tailscale\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'tailscale<1.32.3'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "p-cpe:2.3:a:freebsd:freebsd:tailscale:*:*:*:*:*:*:*"], "solution": "Update the affected packages.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2022-41925", "vendor_cvss2": {"score": 8.3, "vector": "CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "vpr": {"risk factor": "High", "score": "7.3"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2022-11-22T00:00:00", "vulnerabilityPublicationDate": "2022-11-22T00:00:00", "exploitableWith": []}
{"osv": [{"lastseen": "2022-12-01T22:23:14", "description": "A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables.\n\n**Affected platforms:** All\n**Patched Tailscale client versions:** v1.32.3 or later, v1.33.257 or later (unstable)\n\n### What happened?\nIn the Tailscale client, the peer API was vulnerable to DNS rebinding. This allowed an attacker-controlled website visited by the node to rebind DNS for the peer API to an attacker-controlled DNS server, and then make peer API requests in the client, including accessing the node\u2019s Tailscale environment variables.\n\n### Who is affected?\nAll Tailscale clients prior to version v1.32.3 are affected.\n\n### What should I do?\nUpgrade to v1.32.3 or later to remediate the issue.\n\n### What is the impact?\nAn attacker with access to the peer API on a node could use that access to read the node\u2019s environment variables, including any credentials or secrets stored in environment variables. This may include Tailscale authentication keys, which could then be used to add new nodes to the user\u2019s tailnet. The peer API access could also be used to learn of other nodes in the tailnet or send files via Taildrop.\n\nAn attacker with access to the peer API who sent a malicious file via Taildrop which was accessed while it was loading could use this to gain access to the local API, and remotely execute code.\n\nThere is no evidence of this vulnerability being purposefully triggered or exploited.\n\n### Credits\nWe would like to thank [Emily Trau](https://github.com/emilytrau) and [Jamie McClymont (CyberCX)](https://twitter.com/JJJollyjim) for reporting this issue. 
Further detail is available in [their blog post](https://emily.id.au/tailscale).\n\n### References\n* [TS-2022-005](https://tailscale.com/security-bulletins/#ts-2022-005)\n* [Researcher blog post](https://emily.id.au/tailscale)\n\n### For more information\nIf you have any questions or comments about this advisory, [contact Tailscale support](https://tailscale.com/contact/support/).", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-11-21T22:34:22", "type": "osv", "title": "Tailscale daemon is vulnerable to information disclosure via CSRF", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-41925"], "modified": "2022-12-01T22:12:32", "id": "OSV:GHSA-QCCM-WMCQ-PWR6", "href": "https://osv.dev/vulnerability/GHSA-qccm-wmcq-pwr6", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2022-12-01T19:11:08", "description": "A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. In the Tailscale client, the peer API was vulnerable to DNS rebinding. This allowed an attacker-controlled website visited by the node to rebind DNS for the peer API to an attacker-controlled DNS server, and then making peer API requests in the client, including accessing the node\u2019s Tailscale environment variables. An attacker with access to the peer API on a node could use that access to read the node\u2019s environment variables, including any credentials or secrets stored in environment variables. 
This may include Tailscale authentication keys, which could then be used to add new nodes to the user\u2019s tailnet. The peer API access could also be used to learn of other nodes in the tailnet or send files via Taildrop. All Tailscale clients prior to version v1.32.3 are affected. Upgrade to v1.32.3 or later to remediate the issue.", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-11-23T19:15:00", "type": "cve", "title": "CVE-2022-41925", "cwe": ["CWE-352"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-41925"], "modified": "2022-12-01T17:10:00", "cpe": [], "id": "CVE-2022-41925", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41925", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}], "github": [{"lastseen": "2023-01-27T05:06:16", "description": "A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables.\n\n**Affected platforms:** All\n**Patched Tailscale client versions:** v1.32.3 or later, v1.33.257 or later (unstable)\n\n### What happened?\nIn the Tailscale client, the peer API was vulnerable to DNS rebinding. 
This allowed an attacker-controlled website visited by the node to rebind DNS for the peer API to an attacker-controlled DNS server, and then make peer API requests in the client, including accessing the node\u2019s Tailscale environment variables.\n\n### Who is affected?\nAll Tailscale clients prior to version v1.32.3 are affected.\n\n### What should I do?\nUpgrade to v1.32.3 or later to remediate the issue.\n\n### What is the impact?\nAn attacker with access to the peer API on a node could use that access to read the node\u2019s environment variables, including any credentials or secrets stored in environment variables. This may include Tailscale authentication keys, which could then be used to add new nodes to the user\u2019s tailnet. The peer API access could also be used to learn of other nodes in the tailnet or send files via Taildrop.\n\nAn attacker with access to the peer API who sent a malicious file via Taildrop which was accessed while it was loading could use this to gain access to the local API, and remotely execute code.\n\nThere is no evidence of this vulnerability being purposefully triggered or exploited.\n\n### Credits\nWe would like to thank [Emily Trau](https://github.com/emilytrau) and [Jamie McClymont (CyberCX)](https://twitter.com/JJJollyjim) for reporting this issue. 
Further detail is available in [their blog post](https://emily.id.au/tailscale).\n\n### References\n* [TS-2022-005](https://tailscale.com/security-bulletins/#ts-2022-005)\n* [Researcher blog post](https://emily.id.au/tailscale)\n\n### For more information\nIf you have any questions or comments about this advisory, [contact Tailscale support](https://tailscale.com/contact/support/).", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-11-21T22:34:22", "type": "github", "title": "Tailscale daemon is vulnerable to information disclosure via CSRF", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-41925"], "modified": "2023-01-27T05:02:41", "id": "GHSA-QCCM-WMCQ-PWR6", "href": "https://github.com/advisories/GHSA-qccm-wmcq-pwr6", "cvss": {"score": 0.0, "vector": "NONE"}}], "freebsd": [{"lastseen": "2022-12-01T20:17:46", "description": "\n\nTailscale team reports:\n\nA vulnerability identified in the Tailscale client allows a\n\tmalicious website to access the peer API, which can then be used\n\tto access Tailscale environment variables.\n\n\n", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-11-21T00:00:00", "type": "freebsd", "title": "tailscale -- Security vulnerability 
in the client", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-41925"], "modified": "2022-11-21T00:00:00", "id": "E0F26AC5-6A17-11ED-93E7-901B0E9408DC", "href": "https://vuxml.freebsd.org/freebsd/e0f26ac5-6a17-11ed-93e7-901b0e9408dc.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "veracode": [{"lastseen": "2022-12-05T12:33:08", "description": "github.com/tailscale/tailscale is vulnerable to information disclosure. The vulnerability exists in the `ServeHTTP` function in `peerapi.go` due to lack of validations of PeerAPI which allows an attacker to read the node\u2019s environment variables, credentials and other sensitive information via CSRF. \n", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-11-25T04:45:07", "type": "veracode", "title": "Information Disclosure", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-41925"], "modified": "2022-12-01T19:14:39", "id": "VERACODE:38247", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-38247/summary", "cvss": {"score": 0.0, "vector": "NONE"}}]}