Security Advisories

Security notifications affecting your Canaries

On this page are security advisories for our commercial Canaries and their Consoles. They are primarily informational; birds and their consoles are updated by us at Thinkst, so typically no action is needed by customers.

If you are affected by a security advisory and don't have updates enabled, our support team will contact you.

Subscribe via RSS Report a vulnerability

TC-2023-007 - Problem in Canary SMB Service
on 22nd June, 2023
Description

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec feugiat elit nisl, a hendrerit dui eleifend ut. Nunc porttitor odio ipsum, eu commodo ligula vulputate id. Nullam vulputate mi non risus convallis, vitae facilisis erat gravida. Mauris eu ante interdum, mattis diam ut, gravida urna. Aenean vitae tortor a dolor fin

What happened?

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec feugiat elit nisl, a hendrerit dui eleifend ut. Nunc porttitor odio ipsum, eu commodo ligula vulputate id. Nullam vulputate mi non risus convallis, vitae facilisis erat gravida. Mauris eu ante interdum, mattis diam ut, gravida urna. Aenean vitae tortor a dolor fin

Who is affected?

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec feugiat elit nisl, a hendrerit dui eleifend ut. Nunc porttitor odio ipsum, eu commodo ligula vulputate id. Nullam vulputate mi non risus convallis, vitae facilisis erat gravida. Mauris eu ante interdum, mattis diam ut, gravida urna. Aenean vitae tortor a dolor fin

What is the impact?

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec feugiat elit nisl, a hendrerit dui eleifend ut. Nunc porttitor odio ipsum, eu commodo ligula vulputate id. Nullam vulputate mi non risus convallis, vitae facilisis erat gravida. Mauris eu ante interdum, mattis diam ut, gravida urna. Aenean vitae tortor a dolor fin

What do I need to do?

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec feugiat elit nisl, a hendrerit dui eleifend ut. Nunc porttitor odio ipsum, eu commodo ligula vulputate id. Nullam vulputate mi non risus convallis, vitae facilisis erat gravida. Mauris eu ante interdum, mattis diam ut, gravida urna. Aenean vitae tortor a dolor fin

Credits

We would like to thank Jane Doe for reporting this issue.
TC-2023-006 - Problem in device settings pushed not persisting in the DB
on 22nd May, 2023
Reference: CVE-2023-28436

Severity: Medium

CVSS vector string: CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

Description

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec feugiat elit nisl, a hendrerit dui eleifend ut. Nunc porttitor odio ipsum, eu commodo ligula vulputate id. Nullam vulputate mi non risus convallis, vitae facilisis erat gravida. Mauris eu ante interdum, mattis diam ut, gravida urna. Aenean vitae tortor a dolor fin

Affected platforms: FreeBSD

Patched Tailscale client versions: v1.38.2 or later

What happened?

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec feugiat elit nisl, a hendrerit dui eleifend ut. Nunc porttitor odio ipsum, eu commodo ligula vulputate id. Nullam vulputate mi non risus convallis, vitae facilisis erat gravida. Mauris eu ante interdum, mattis diam ut, gravida urna. Aenean vitae tortor a dolor fin

Who is affected?

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec feugiat elit nisl, a hendrerit dui eleifend ut. Nunc porttitor odio ipsum, eu commodo ligula vulputate id. Nullam vulputate mi non risus convallis, vitae facilisis erat gravida. Mauris eu ante interdum, mattis diam ut, gravida urna. Aenean vitae tortor a dolor fin

The following is a checklist for the impact:
- Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec feugiat
- Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec feugiat elit nisl, a hendrerit dui eleifend ut.
- Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec feugiat
- Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec feugiat elit nisl, a hendrerit dui eleifend ut.
- Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec feugiat
- Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec feugiat
What is the impact?

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec feugiat elit nisl, a hendrerit dui eleifend ut. Nunc porttitor odio ipsum, eu commodo ligula vulputate id. Nullam vulputate mi non risus convallis, vitae facilisis erat gravida. Mauris eu ante interdum, mattis diam ut, gravida urna. Aenean vitae tortor a dolor fin

What do I need to do?

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec feugiat elit nisl, a hendrerit dui eleifend ut. Nunc porttitor odio ipsum, eu commodo ligula vulputate id. Nullam vulputate mi non risus convallis, vitae facilisis erat gravida. Mauris eu ante interdum, mattis diam ut, gravida urna. Aenean vitae tortor a dolor fin
TC-2023-005 - Problem in Canary Firewall Service
on 22nd April, 2023
Description

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec feugiat elit nisl, a hendrerit dui eleifend ut. Nunc porttitor odio ipsum, eu commodo ligula vulputate id. Nullam vulputate mi non risus convallis, vitae facilisis erat gravida. Mauris eu ante interdum, mattis diam ut, gravida urna. Aenean vitae tortor a dolor fin

What happened?

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec feugiat elit nisl, a hendrerit dui eleifend ut. Nunc porttitor odio ipsum, eu commodo ligula vulputate id. Nullam vulputate mi non risus convallis, vitae facilisis erat gravida. Mauris eu ante interdum, mattis diam ut, gravida urna. Aenean vitae tortor a dolor fin

Who is affected?

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec feugiat elit nisl, a hendrerit dui eleifend ut. Nunc porttitor odio ipsum, eu commodo ligula vulputate id. Nullam vulputate mi non risus convallis, vitae facilisis erat gravida. Mauris eu ante interdum, mattis diam ut, gravida urna. Aenean vitae tortor a dolor fin

What is the impact?

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec feugiat elit nisl, a hendrerit dui eleifend ut. Nunc porttitor odio ipsum, eu commodo ligula vulputate id. Nullam vulputate mi non risus convallis, vitae facilisis erat gravida. Mauris eu ante interdum, mattis diam ut, gravida urna. Aenean vitae tortor a dolor fin

What do I need to do?

Follow these steps to update your bird
1. cd /usr/ports/security/tailscale
2. edit the Makefile to set PORTVERSION to 1.38.2
3. make makesum
4. make install

No advisories at present. You can report a security issue here

The security posture of a product is much more than a list of CVEs. We put a lot of thought into our products to make sure that they won’t easily become the weakest link in your environment. You can read some of these thoughts here:

Thinkst Canary

Security Advisories

Description

What happened?

Who is affected?

What is the impact?

What do I need to do?

Credits

Description

What happened?

Who is affected?

What is the impact?

What do I need to do?

Description

What happened?

Who is affected?

What is the impact?

What do I need to do?

Select your number of Canaries

Download your PDF Quote

Security Advisories

Description

What happened?

Who is affected?

What is the impact?

What do I need to do?

Credits

Description

What happened?

Who is affected?

What is the impact?

What do I need to do?

Description

What happened?

Who is affected?

What is the impact?

What do I need to do?

Login

Reset password

Select your number of Canaries

Download your PDF Quote

Preparing your quote...

Your quote is ready!

Send us a message

Thanks for contacting us!

We'll be in touch shortly.