vulnerability
FreeBSD: VID-1B15A554-C981-11ED-BB39-901B0E9408DC (CVE-2023-28436): tailscale -- security vulnerability in Tailscale SSH
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:A/AC:L/Au:S/C:C/I:C/A:C) | Mar 22, 2023 | Mar 23, 2023 | Jan 28, 2025 |
Severity
8
CVSS
(AV:A/AC:L/Au:S/C:C/I:C/A:C)
Published
Mar 22, 2023
Added
Mar 23, 2023
Modified
Jan 28, 2025
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-1B15A554-C981-11ED-BB39-901B0E9408DC:
Tailscale team reports:
A vulnerability identified in the implementation of Tailscale SSH in FreeBSD
allowed commands to be run with a higher privilege group ID than that specified
by Tailscale SSH access rules.
Solution
freebsd-upgrade-package-tailscale
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.