FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

tailscale -- security vulnerability in Tailscale SSH

Affected packages
tailscale < 1.38.2

Details

VuXML ID 1b15a554-c981-11ed-bb39-901b0e9408dc
Discovery 2023-03-22
Entry 2023-03-23

Tailscale team reports:

A vulnerability identified in the implementation of Tailscale SSH in FreeBSD allowed commands to be run with a higher privilege group ID than that specified by Tailscale SSH access rules.

References

CVE Name CVE-2023-28436
URL https://tailscale.com/security-bulletins/#ts-2023-003