Security Advisories

The official source for security vulnerabilities disclosed in Firezone.

Found a vulnerability? See reporting a vulnerability for how to disclose it privately.

Published advisories

FZ-2026-006

Windows device ID file is world-readable, allowing device verification bypass

On Windows Clients prior to 1.5.13, the device ID file was readable by any local user, so its contents could be copied to another machine to bypass device verification policies.

Component: Windows Client | Fixed in: 1.5.13 | June 4, 2026

FZ-2026-005

Windows GUI Client reads configuration from user-writable locations

Windows GUI Clients prior to 1.5.13 stored their advanced settings in a user-writable directory and read MDM policy from the per-user registry hive, letting any same-user process change how the privileged tunnel connects.

Component: Windows GUI Client | Fixed in: 1.5.13 | June 4, 2026

FZ-2026-004

Linux GUI Client stores its configuration in a user-writable location

Linux GUI Clients prior to 1.5.13 stored their advanced settings in a directory under the user's home that any same-user process could modify, influencing how the privileged tunnel connects.

Component: Linux GUI Client | Fixed in: 1.5.13 | June 4, 2026

FZ-2026-003

Windows GUI Client named pipes accept connections from other local processes

Windows GUI Clients prior to 1.5.13 created their tunnel and GUI named pipes without package-scoped access control, letting other local processes drive the privileged tunnel service, change settings, or hijack deep-link handoff.

Component: Windows GUI Client | Fixed in: 1.5.13 | June 4, 2026

FZ-2026-002

Linux tunnel service IPC socket accepts connections from any same-user process

Linux GUI Clients prior to 1.5.13 authorized peers on the tunnel service IPC socket only by group membership, letting any process running as the desktop user drive the privileged tunnel and change Client settings.

Component: Linux GUI Client | Fixed in: 1.5.13 | June 4, 2026

FZ-2026-001

macOS Client lets local processes modify its configuration

macOS Clients from 1.4.15 through 1.5.15 stored their configuration in a UserDefaults domain writable by any unprivileged local process, allowing the Client's settings to be tampered with. Clients with configuration forced via MDM are not affected.

Component: macOS Client | Fixed in: 1.5.16 | June 4, 2026