diff options
| author | Ashish SHUKLA <ashish@FreeBSD.org> | 2023-03-23 13:53:09 +0000 |
|---|---|---|
| committer | Ashish SHUKLA <ashish@FreeBSD.org> | 2023-03-23 13:54:03 +0000 |
| commit | c8d192304d65f090cc851b79d156212fd37a4e80 (patch) | |
| tree | 8688c46f2f09d29830678d53321f8e4a4fe4267f | |
| parent | 49a1994deed5f4e91f8ebaaa238bebc455940ce9 (diff) | |
| download | ports-c8d192304d65f090cc851b79d156212fd37a4e80.tar.gz ports-c8d192304d65f090cc851b79d156212fd37a4e80.zip | |
security/vuxml: Document vulnerability for security/tailscale
PR: 270406
| -rw-r--r-- | security/vuxml/vuln/2023.xml | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index 81b1e06dae16..d2aee09c366e 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,31 @@ + <vuln vid="1b15a554-c981-11ed-bb39-901b0e9408dc"> + <topic>tailscale -- security vulnerability in Tailscale SSH</topic> + <affects> + <package> + <name>tailscale</name> + <range><lt>1.38.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Tailscale team reports:</p> + <blockquote cite="https://tailscale.com/security-bulletins/#ts-2023-003"> + <p>A vulnerability identified in the implementation of Tailscale SSH in FreeBSD + allowed commands to be run with a higher privilege group ID than that specified + by Tailscale SSH access rules.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2023-28436</cvename> + <url>https://tailscale.com/security-bulletins/#ts-2023-003</url> + </references> + <dates> + <discovery>2023-03-22</discovery> + <entry>2023-03-23</entry> + </dates> + </vuln> + <vuln vid="c8b334e0-6e83-4575-81d1-f9d5803ceb07"> <topic>chromium -- multiple vulnerabilities</topic> <affects> |