3 matches found
CVE-2022-41925
A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. In the Tailscale client, the peer API was vulnerable to DNS rebinding. This allowed an attacker-controlled website visited by the...
CVE-2022-41925 Tailscale daemon is vulnerable to information disclosure via CSRF
A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. In the Tailscale client, the peer API was vulnerable to DNS rebinding. This allowed an attacker-controlled website visited by the...
CVE-2022-41925
The CVE affects all Tailscale clients prior to v1.32.3. A DNS rebinding flaw in the peer API allows a malicious website to rebind the node’s DNS to attacker-controlled resolvers, enabling the attacker to issue peer API requests and read environment variables (including credentials/secrets such as...