Lucene search
K

123 matches found

FreeBSD
FreeBSD
added 2024/05/08 12:0 a.m.8 views

tailscale -- Insufficient inbound packet filtering in subnet routers and exit nodes

Tailscale team reports: In Tailscale versions earlier than 1.66.0, exit nodes, subnet routers, and app connectors, could allow inbound connections to other tailnet nodes from their local area network LAN. This vulnerability only affects Linux exit nodes, subnet routers, and app connectors in...

7AI score
Exploits0References1
OSV
OSV
added 2023/11/27 5:25 p.m.67 views

GHSA-HFXH-RJV7-2369 Uptime Kuma Authenticated remote code execution via TailscalePing

Summary The runTailscalePing method of the TailscalePing class injects the hostname parameter inside a shell command, leading to a command injection and the possibility to run arbitrary commands on the server. Details When adding a new monitor on Uptime Kuma, we can select the "Tailscale Ping"...

8.2AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/11/27 5:25 p.m.26 views

Uptime Kuma Authenticated remote code execution via TailscalePing

Summary The runTailscalePing method of the TailscalePing class injects the hostname parameter inside a shell command, leading to a command injection and the possibility to run arbitrary commands on the server. Details When adding a new monitor on Uptime Kuma, we can select the "Tailscale Ping"...

8.2AI score
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/27 12:0 a.m.4 views

PT-2023-33027 · Unknown · Uptime Kuma

Name of the Vulnerable Software and Affected Versions: Uptime Kuma affected versions not specified Description: The issue concerns a command injection vulnerability in Uptime Kuma. Specifically, the runTailscalePing method of the TailscalePing class injects the hostname parameter inside a shell...

8.3AI score
Exploits0References3
Veracode
Veracode
added 2023/03/24 10:24 a.m.14 views

Privilege Escalation

github.com/tailscale/tailscale is vulnerable to Privilege Escalation. The vulnerability exists in the beIncubator function of incubator.go due to the differences in the FreeBSD setgroups system call, which allows an attacker to gain access and perform unauthorized actions if the host is running...

8CVSS7.7AI score0.0046EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2023/03/23 8:15 p.m.15 views

CVE-2023-28436

Tailscale is software for using Wireguard and multi-factor authentication MFA. A vulnerability identified in the implementation of Tailscale SSH starting in version 1.34.0 and prior to prior to 1.38.2 in FreeBSD allows commands to be run with a higher privilege group ID than that specified in...

8CVSS6.6AI score0.0046EPSS
Exploits0References4
Prion
Prion
added 2023/03/23 8:15 p.m.215 views

Design/Logic Flaw

Tailscale is software for using Wireguard and multi-factor authentication MFA. A vulnerability identified in the implementation of Tailscale SSH starting in version 1.34.0 and prior to prior to 1.38.2 in FreeBSD allows commands to be run with a higher privilege group ID than that specified in...

5.2CVSS8.1AI score0.0046EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/03/23 7:58 p.m.17 views

GHSA-VFGQ-G5X8-G595 Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process

A vulnerability identified in the implementation of Tailscale SSH in FreeBSD allowed commands to be run with a higher privilege group ID than that specified by Tailscale SSH access rules. Affected platforms: FreeBSD Patched Tailscale client versions: v1.38.2 or later What happened? A difference i...

5.7CVSS6.5AI score0.0046EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2023/03/23 7:58 p.m.42 views

Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process

A vulnerability identified in the implementation of Tailscale SSH in FreeBSD allowed commands to be run with a higher privilege group ID than that specified by Tailscale SSH access rules. Affected platforms: FreeBSD Patched Tailscale client versions: v1.38.2 or later What happened? A difference i...

8CVSS7.6AI score0.0046EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2023/03/23 7:27 p.m.327 views

CVE-2023-28436

CVE-2023-28436 affects Tailscale SSH on FreeBSD prior to 1.38.2. A difference in FreeBSD’s setgroups behavior caused the tailscaled egid to be used instead of the user’s, permitting some commands to run with a higher privilege group ID than allowed by Tailscale SSH access rules, under specific co...

8CVSS6.9AI score0.0046EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/23 7:27 p.m.9 views

CVE-2023-28436 Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process

Tailscale is software for using Wireguard and multi-factor authentication MFA. A vulnerability identified in the implementation of Tailscale SSH starting in version 1.34.0 and prior to prior to 1.38.2 in FreeBSD allows commands to be run with a higher privilege group ID than that specified in...

5.7CVSS8.2AI score0.0046EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/03/23 7:27 p.m.19 views

CVE-2023-28436 Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process

Tailscale is software for using Wireguard and multi-factor authentication MFA. A vulnerability identified in the implementation of Tailscale SSH starting in version 1.34.0 and prior to prior to 1.38.2 in FreeBSD allows commands to be run with a higher privilege group ID than that specified in...

5.7CVSS8.4AI score0.0046EPSS
Exploits0References4
OSV
OSV
added 2023/03/23 7:27 p.m.18 views

CVE-2023-28436 Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process

Tailscale is software for using Wireguard and multi-factor authentication MFA. A vulnerability identified in the implementation of Tailscale SSH starting in version 1.34.0 and prior to prior to 1.38.2 in FreeBSD allows commands to be run with a higher privilege group ID than that specified in...

5.7CVSS8AI score0.0046EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/03/23 12:0 a.m.4 views

Tailscale 安全漏洞

Tailscale is an open source WireGuard based application from Tailscale. Can provide a secure private network for any size team . A security vulnerability exists in Tailscale versions prior to 1.38.2 that stems from allowing commands to be run using a privilege group ID higher than the privilege...

8CVSS6.9AI score0.0046EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/03/23 12:0 a.m.3 views

PT-2023-21719 · Tailscale · Tailscale

Name of the Vulnerable Software and Affected Versions: Tailscale versions 1.34.0 through 1.38.2 Description: A vulnerability in the implementation of Tailscale SSH on FreeBSD allows commands to be run with a higher privilege group ID than that specified in Tailscale SSH access rules. This issue...

8CVSS7.7AI score0.0046EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2023/03/23 12:0 a.m.42 views

FreeBSD : tailscale -- security vulnerability in Tailscale SSH (1b15a554-c981-11ed-bb39-901b0e9408dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1b15a554-c981-11ed-bb39-901b0e9408dc advisory. - Tailscale team reports: A vulnerability identified in the implementation of Tailscale SSH in FreeBSD...

8CVSS6.9AI score0.0046EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2023/03/22 12:0 a.m.28 views

tailscale -- security vulnerability in Tailscale SSH

Tailscale team reports: A vulnerability identified in the implementation of Tailscale SSH in FreeBSD allowed commands to be run with a higher privilege group ID than that specified by Tailscale SSH access rules...

8CVSS7.8AI score0.0046EPSS
Exploits0References1
Filippo.io
Filippo.io
added 2023/02/02 9:43 p.m.33 views

I’m Now a Full-Time Professional Open Source Maintainer

or, "Holy shit, it works!" Last May I left my job on the Go team at Google to experiment with more sustainable paths for open-source maintainers. I held on to my various maintainer hats Go cryptography, transparency tooling, age, mkcert, yubikey-agent…, iterated on the model since September, and ...

6.7AI score
Exploits0
Veracode
Veracode
added 2022/11/25 4:45 a.m.17 views

Information Disclosure

github.com/tailscale/tailscale is vulnerable to information disclosure. The vulnerability exists in the ServeHTTP function in peerapi.go due to lack of validations of PeerAPI which allows an attacker to read the node’s environment variables, credentials and other sensitive information via CSRF...

8.8CVSS7.8AI score0.00534EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2022/11/23 7:15 p.m.32 views

CVE-2022-41925

A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. In the Tailscale client, the peer API was vulnerable to DNS rebinding. This allowed an attacker-controlled website visited by the...

8.8CVSS0.00534EPSS
Exploits1References3
Rows per page
Query Builder