CVE-2022-41925: 
Tailscale vulnerability analysis and mitigation

A vulnerability identified in the Tailscale client (CVE-2022-41925) allowed a malicious website to access the peer API through DNS rebinding. The issue was discovered in November 2022 and affected all Tailscale clients prior to version v1.32.3. The vulnerability impacted the peer API functionality in the Tailscale client, which could be exploited when an attacker-controlled website was visited by a node (NVD, Tailscale Advisory).

The vulnerability allowed an attacker-controlled website to rebind DNS for the peer API to an attacker-controlled DNS server, enabling peer API requests in the client. This was possible because the peer API lacked proper DNS rebinding protections. The attack could be executed when a user visited a malicious website that exploited this DNS rebinding vulnerability (Tailscale Advisory).

An attacker who successfully exploited this vulnerability could access the node's environment variables, including any credentials or secrets stored in environment variables. This could include Tailscale authentication keys, which could then be used to add new nodes to the user's tailnet. Additionally, the peer API access could be used to learn of other nodes in the tailnet or send files via Taildrop (Tailscale Advisory).

The vulnerability was patched in Tailscale version v1.32.3. Users are advised to upgrade to v1.32.3 or later to remediate the issue. The fix implemented proper DNS rebinding protections for the peer API (Tailscale Advisory).