x/vulndb: potential Go vuln in tailscale.com/cmd: CVE-2022-41924 #1124

Closed
GoVulnBot opened this issue Nov 23, 2022 · 2 comments

@GoVulnBot

CVE-2022-41924 references github.com/tailscale/tailscale, which may be a Go module.

Description:
A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon tailscaled, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TCP socket, and communicated with the Windows client GUI in cleartext with no Host header verification. This allowed an attacker-controlled website visited by the node to rebind DNS to an attacker-controlled DNS server, and then make local API requests in the client, including changing the coordination server to an attacker-controlled coordination server. An attacker-controlled coordination server can send malicious URL responses to the client, including pushing executables or installing an SMB share. These allow the attacker to remotely execute code on the node.

All Windows clients prior to version v.1.32.3 are affected. If you are running Tailscale on Windows, upgrade to v1.32.3 or later to remediate the issue.

References:

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: github.com/tailscale/tailscale
    packages:
      - package: tailscale
description: "A vulnerability identified in the Tailscale Windows client allows a
    malicious website to reconfigure the Tailscale daemon `tailscaled`, which can
    then be used to remotely execute code. In the Tailscale Windows client, the local
    API was bound to a local TCP socket, and communicated with the Windows client
    GUI in cleartext with no Host header verification. This allowed an attacker-controlled
    website visited by the node to rebind DNS to an attacker-controlled DNS server,
    and then make local API requests in the client, including changing the coordination
    server to an attacker-controlled coordination server. An attacker-controlled coordination
    server can send malicious URL responses to the client, including pushing executables
    or installing an SMB share. These allow the attacker to remotely execute code
    on the node. \n\nAll Windows clients prior to version v.1.32.3 are affected. If
    you are running Tailscale on Windows, upgrade to v1.32.3 or later to remediate
    the issue.\n"
cves:
  - CVE-2022-41924
references:
  - web: https://github.com/tailscale/tailscale/security/advisories/GHSA-vqp6-rc3h-83cp
  - web: https://emily.id.au/tailscale
  - web: https://tailscale.com/security-bulletins/#ts-2022-004

@jba jba added the duplicate label Nov 23, 2022
@jba
Contributor

jba commented Nov 23, 2022

Duplicate of #1120

@jba jba marked this as a duplicate of #1120 Nov 23, 2022
@julieqiu julieqiu self-assigned this Nov 29, 2022
@julieqiu julieqiu changed the title x/vulndb: potential Go vuln in github.com/tailscale/tailscale: CVE-2022-41924 x/vulndb: potential Go vuln in tailscale.com/cmd: CVE-2022-41924 Nov 29, 2022
@julieqiu
Member

Closing as duplicate of #1120.
