4 matches found
CVE-2023-28436
Tailscale is software for using Wireguard and multi-factor authentication MFA. A vulnerability identified in the implementation of Tailscale SSH starting in version 1.34.0 and prior to prior to 1.38.2 in FreeBSD allows commands to be run with a higher privilege group ID than that specified in...
CVE-2023-28436 Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process
Tailscale is software for using Wireguard and multi-factor authentication MFA. A vulnerability identified in the implementation of Tailscale SSH starting in version 1.34.0 and prior to prior to 1.38.2 in FreeBSD allows commands to be run with a higher privilege group ID than that specified in...
CVE-2023-28436
CVE-2023-28436 affects Tailscale SSH on FreeBSD prior to 1.38.2. A difference in FreeBSD’s setgroups behavior caused the tailscaled egid to be used instead of the user’s, permitting some commands to run with a higher privilege group ID than allowed by Tailscale SSH access rules, under specific co...
FreeBSD : tailscale -- security vulnerability in Tailscale SSH (1b15a554-c981-11ed-bb39-901b0e9408dc)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1b15a554-c981-11ed-bb39-901b0e9408dc advisory. - Tailscale team reports: A vulnerability identified in the implementation of Tailscale SSH in FreeBSD...