Skip to main content

Tailscale

3 CVEs product

Monthly

CVE-2023-28436 Go HIGH PATCH This Week

Tailscale is software for using Wireguard and multi-factor authentication (MFA). Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Tailscale
NVD GitHub
CVSS 3.1
8.0
EPSS
0.5%
CVE-2022-41925 Go HIGH POC PATCH This Week

A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Tailscale
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-41924 Go CRITICAL POC PATCH Act Now

A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon `tailscaled`, which can then be used to remotely execute code. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Tailscale
NVD GitHub
CVSS 3.1
9.6
EPSS
1.6%
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Tailscale is software for using Wireguard and multi-factor authentication (MFA). Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Tailscale
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Tailscale
NVD GitHub
EPSS 2% CVSS 9.6
CRITICAL POC PATCH Act Now

A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon `tailscaled`, which can then be used to remotely execute code. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Tailscale
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy