CVE-2023-28436 (tailscale)

Tailscale is software for using Wireguard and multi-factor authentication (MFA). A vulnerability identified in the implementation of Tailscale SSH starting in version 1.34.0 and prior to prior to 1.38.2 in FreeBSD allows commands to be run with a higher privilege group ID than that specified in Tailscale SSH access rules. A difference in the behavior of the FreeBSD `setgroups` system call from POSIX meant that the Tailscale client running on a FreeBSD-based operating system did not appropriately restrict groups on …

access authentication call client cve factor freebsd higher mfa multi-factor multi-factor authentication operating system posix privilege rules run software ssh system tailscale version version 1 vulnerability wireguard