Name of the Vulnerable Software and Affected Versions:
Tunnelblick versions 3.5beta06 through 6.x
Tunnelblick version 7.0 and earlier
Description:
The issue is reported in the HTTP_Request2 library used for processing HTTP requests in the Tunnelblick VPN client. It is an information disclosure through two scripts shipped in the library's test directory, tests/network/getparameters.php and tests/network/postparameters.php. Exploitation can allow a remote attacker to conduct a cross-site scripting (XSS) attack and potentially to elevate privileges to root.
Recommendations:
For Tunnelblick versions 3.5beta06 through 6.x, completely uninstall the previous version before installing a newer one, so that no component of the old version remains to be exploited.
For Tunnelblick version 7.0 and earlier, verify that an incomplete uninstallation has not left exploitable components behind, and upgrade to a version in which this issue is resolved.
As a temporary workaround, restrict access to the tests/network directory to minimize the risk of exploitation.
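The two checks below put the recommendations into runnable form. They are an added example, not code from the advisory or from the Tunnelblick project, and they rest on two assumptions the page does not state: the filesystem locations listed for leftover Tunnelblick components are the ones Tunnelblick normally installs into (the advisory names no specific component), and the web-side restriction targets an Apache 2.4 host, with an owner-only chmod as the fallback for servers that do not honour .htaccess.

```shell
#!/bin/sh
# Added example for the recommendations above; not part of the original
# advisory or of the Tunnelblick project. Two helpers:
#   check_tunnelblick_remnants ROOT  prints Tunnelblick components still present
#       under ROOT after an uninstall; exit status is their count (0 = clean).
#   restrict_tests_dir WEBROOT       blocks HTTP access to WEBROOT/tests/network
#       (the HTTP_Request2 test scripts) and strips group/world permissions.

# ASSUMED install locations, one per line. One path contains a space, so the
# loop splits on newlines only. ROOT is a prefix so the check can run against
# a staged copy of a disk as well as the live filesystem ("/").
TUNNELBLICK_PATHS='
Applications/Tunnelblick.app
Library/Application Support/Tunnelblick
Library/LaunchDaemons/net.tunnelblick.tunnelblick.tunnelblickd.plist
'

check_tunnelblick_remnants() {
    root=${1:-/}
    root=${root%/}           # "/" becomes "", so "$root/$rel" stays absolute
    found=0
    old_ifs=$IFS
    IFS='
'
    for rel in $TUNNELBLICK_PATHS; do
        [ -n "$rel" ] || continue
        if [ -e "$root/$rel" ]; then
            printf 'leftover component: %s\n' "$root/$rel"
            found=$((found + 1))
        fi
    done
    IFS=$old_ifs
    return "$found"
}

restrict_tests_dir() {
    dir="${1%/}/tests/network"
    if [ ! -d "$dir" ]; then
        printf 'no %s to restrict\n' "$dir" >&2
        return 1
    fi
    # Apache 2.4 syntax. Only honoured where AllowOverride permits .htaccess,
    # which is why the chmod below does not depend on server configuration.
    printf 'Require all denied\n' > "$dir/.htaccess"
    # Owner-only: a web server running as a different user can no longer
    # traverse the directory, so getparameters.php / postparameters.php cannot
    # be served. If the server runs as the owner, delete the tests tree instead.
    chmod 700 "$dir"
    printf 'restricted %s\n' "$dir"
    return 0
}
```

Run `check_tunnelblick_remnants /` after an uninstall; a non-zero exit status means something was left behind and lists what. Run `restrict_tests_dir /var/www/site` (or wherever the library's tests directory sits) on a web root that still ships the test scripts; it fails loudly if there is nothing to restrict, so it is safe in a deployment script.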
Fix:
LPE