Vulnerabilites related to tauri - tauri
CVE-2022-46171 (GCVE-0-2022-46171)
Vulnerability from cvelistv5
Published
2022-12-23 13:47
Modified
2025-04-15 03:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards `*`, `?`, and `[...]` match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As `**` allows for sub directories the behavior there is also as expected. The issue has been patched in the latest release and was backported into the currently supported 1.x branches. There are no known workarounds at the time of publication.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tauri-apps | tauri |
Version: >= 1.0.0, < 1.0.8 Version: >= 1.1.0, < 1.1.3 Version: >= 1.2.0, < 1.2.3 Version: >= 2.0.0-alpha.0, < 2.0.0-alpha.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:24:03.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-6mv3-wm7j-h4w5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-6mv3-wm7j-h4w5"
},
{
"name": "https://github.com/tauri-apps/tauri/commit/72389b00d7b495ffd7750eb1e75a3b8537d07cf3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tauri-apps/tauri/commit/72389b00d7b495ffd7750eb1e75a3b8537d07cf3"
},
{
"name": "https://github.com/tauri-apps/tauri/commit/f0602e7c294245ab6ef6fbf2a976ef398340ef58",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tauri-apps/tauri/commit/f0602e7c294245ab6ef6fbf2a976ef398340ef58"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46171",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T03:14:09.148755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T03:17:21.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tauri",
"vendor": "tauri-apps",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.0.8"
},
{
"status": "affected",
"version": "\u003e= 1.1.0, \u003c 1.1.3"
},
{
"status": "affected",
"version": "\u003e= 1.2.0, \u003c 1.2.3"
},
{
"status": "affected",
"version": "\u003e= 2.0.0-alpha.0, \u003c 2.0.0-alpha.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards `*`, `?`, and `[...]` match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As `**` allows for sub directories the behavior there is also as expected. The issue has been patched in the latest release and was backported into the currently supported 1.x branches. There are no known workarounds at the time of publication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-23T13:47:56.494Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-6mv3-wm7j-h4w5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-6mv3-wm7j-h4w5"
},
{
"name": "https://github.com/tauri-apps/tauri/commit/72389b00d7b495ffd7750eb1e75a3b8537d07cf3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tauri-apps/tauri/commit/72389b00d7b495ffd7750eb1e75a3b8537d07cf3"
},
{
"name": "https://github.com/tauri-apps/tauri/commit/f0602e7c294245ab6ef6fbf2a976ef398340ef58",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tauri-apps/tauri/commit/f0602e7c294245ab6ef6fbf2a976ef398340ef58"
}
],
"source": {
"advisory": "GHSA-6mv3-wm7j-h4w5",
"discovery": "UNKNOWN"
},
"title": "Tauri vulnerable to path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-46171",
"datePublished": "2022-12-23T13:47:56.494Z",
"dateReserved": "2022-11-28T17:27:19.998Z",
"dateUpdated": "2025-04-15T03:17:21.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31134 (GCVE-0-2023-31134)
Vulnerability from cvelistv5
Published
2023-05-09 13:09
Modified
2025-01-28 17:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Summary
Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing Tauri window to an external website. This is either possible by an application implementing a feature for users to visit
arbitrary websites or due to a bug allowing the open redirect. This allows the external website access to the IPC layer and therefore to all configured and exposed Tauri API endpoints and application specific implemented Tauri commands. This issue has been patched in versions 1.0.9, 1.1.4, and 1.2.5. As a workaround, prevent arbitrary input in redirect features and/or only allow trusted websites access to the IPC.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tauri-apps | tauri |
Version: >= 1.0.0, < 1.0.9 Version: >= 1.1.0, < 1.1.4 Version: >= 1.2.0, < 1.2.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.822Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-4wm2-cwcf-wwvp",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-4wm2-cwcf-wwvp"
},
{
"name": "https://github.com/tauri-apps/tauri/releases/tag/tauri-v1.0.9",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tauri-apps/tauri/releases/tag/tauri-v1.0.9"
},
{
"name": "https://github.com/tauri-apps/tauri/releases/tag/tauri-v1.1.4",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tauri-apps/tauri/releases/tag/tauri-v1.1.4"
},
{
"name": "https://github.com/tauri-apps/tauri/releases/tag/tauri-v1.2.5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tauri-apps/tauri/releases/tag/tauri-v1.2.5"
},
{
"name": "https://www.github.com/tauri-apps/tauri/commit/58ea0b45268dbd46cbac0ebb0887353d057ca767",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.github.com/tauri-apps/tauri/commit/58ea0b45268dbd46cbac0ebb0887353d057ca767"
},
{
"name": "https://www.github.com/tauri-apps/tauri/commit/fa90214b052b1a5d38d54fbf1ca422b4c37cfd1f",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.github.com/tauri-apps/tauri/commit/fa90214b052b1a5d38d54fbf1ca422b4c37cfd1f"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31134",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T17:29:36.104500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T17:29:46.784Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tauri",
"vendor": "tauri-apps",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.0.9"
},
{
"status": "affected",
"version": "\u003e= 1.1.0, \u003c 1.1.4"
},
{
"status": "affected",
"version": "\u003e= 1.2.0, \u003c 1.2.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing Tauri window to an external website. This is either possible by an application implementing a feature for users to visit\narbitrary websites or due to a bug allowing the open redirect. This allows the external website access to the IPC layer and therefore to all configured and exposed Tauri API endpoints and application specific implemented Tauri commands. This issue has been patched in versions 1.0.9, 1.1.4, and 1.2.5. As a workaround, prevent arbitrary input in redirect features and/or only allow trusted websites access to the IPC."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-09T13:09:31.399Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-4wm2-cwcf-wwvp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-4wm2-cwcf-wwvp"
},
{
"name": "https://github.com/tauri-apps/tauri/releases/tag/tauri-v1.0.9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tauri-apps/tauri/releases/tag/tauri-v1.0.9"
},
{
"name": "https://github.com/tauri-apps/tauri/releases/tag/tauri-v1.1.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tauri-apps/tauri/releases/tag/tauri-v1.1.4"
},
{
"name": "https://github.com/tauri-apps/tauri/releases/tag/tauri-v1.2.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tauri-apps/tauri/releases/tag/tauri-v1.2.5"
},
{
"name": "https://www.github.com/tauri-apps/tauri/commit/58ea0b45268dbd46cbac0ebb0887353d057ca767",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.github.com/tauri-apps/tauri/commit/58ea0b45268dbd46cbac0ebb0887353d057ca767"
},
{
"name": "https://www.github.com/tauri-apps/tauri/commit/fa90214b052b1a5d38d54fbf1ca422b4c37cfd1f",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.github.com/tauri-apps/tauri/commit/fa90214b052b1a5d38d54fbf1ca422b4c37cfd1f"
}
],
"source": {
"advisory": "GHSA-4wm2-cwcf-wwvp",
"discovery": "UNKNOWN"
},
"title": "Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-31134",
"datePublished": "2023-05-09T13:09:31.399Z",
"dateReserved": "2023-04-24T21:44:10.416Z",
"dateUpdated": "2025-01-28T17:29:46.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41874 (GCVE-0-2022-41874)
Vulnerability from cvelistv5
Published
2022-11-10 00:00
Modified
2025-04-23 16:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it is possible to partially bypass the `fs` scope definition. It is not possible to traverse into arbitrary paths, as the issue is limited to neighboring files and sub folders of already allowed paths. The impact differs on Windows, MacOS and Linux due to different specifications of valid path characters. This bypass depends on the file picker dialog or dragged files, as user selected paths are automatically added to the allow list at runtime. A successful bypass requires the user to select a pre-existing malicious file or directory during the file picker dialog and an adversary controlled logic to access these files. The issue has been patched in versions 1.0.7, 1.1.2 and 1.2.0. As a workaround, disable the dialog and fileDropEnabled component inside the tauri.conf.json.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tauri-apps | tauri |
Version: >= 1.0.0, <1.0.7 Version: >= 1.1.0, <1.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:38.194Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-q9wv-22m9-vhqh"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41874",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:54:51.769199Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:38:40.535Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tauri",
"vendor": "tauri-apps",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c1.0.7"
},
{
"status": "affected",
"version": "\u003e= 1.1.0, \u003c1.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it is possible to partially bypass the `fs` scope definition. It is not possible to traverse into arbitrary paths, as the issue is limited to neighboring files and sub folders of already allowed paths. The impact differs on Windows, MacOS and Linux due to different specifications of valid path characters. This bypass depends on the file picker dialog or dragged files, as user selected paths are automatically added to the allow list at runtime. A successful bypass requires the user to select a pre-existing malicious file or directory during the file picker dialog and an adversary controlled logic to access these files. The issue has been patched in versions 1.0.7, 1.1.2 and 1.2.0. As a workaround, disable the dialog and fileDropEnabled component inside the tauri.conf.json."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-706",
"description": "CWE-706: Use of Incorrectly-Resolved Name or Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-10T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-q9wv-22m9-vhqh"
}
],
"source": {
"advisory": "GHSA-q9wv-22m9-vhqh",
"discovery": "UNKNOWN"
},
"title": "Tauri Filesystem Scope can be Partially Bypassed"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-41874",
"datePublished": "2022-11-10T00:00:00.000Z",
"dateReserved": "2022-09-30T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:38:40.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39215 (GCVE-0-2022-39215)
Vulnerability from cvelistv5
Published
2022-09-15 21:35
Modified
2025-04-22 17:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction folder inside an allowed path of the `fs` scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined `scope`. Users are advised to upgrade. Users unable to upgrade should disable the `readDir` endpoint in the `allowlist` inside the `tauri.conf.json`.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tauri-apps | tauri |
Version: < 1.0.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:00:42.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-28m8-9j7v-x499"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tauri-apps/tauri/issues/4882"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tauri-apps/tauri/pull/5123"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tauri-apps/tauri/pull/5123/commits/1f9b9e8d26a2c915390323e161020bcb36d44678"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39215",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:39:32.741893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T17:21:33.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tauri",
"vendor": "tauri-apps",
"versions": [
{
"status": "affected",
"version": "\u003c 1.0.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction folder inside an allowed path of the `fs` scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined `scope`. Users are advised to upgrade. Users unable to upgrade should disable the `readDir` endpoint in the `allowlist` inside the `tauri.conf.json`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-15T21:35:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-28m8-9j7v-x499"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tauri-apps/tauri/issues/4882"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tauri-apps/tauri/pull/5123"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tauri-apps/tauri/pull/5123/commits/1f9b9e8d26a2c915390323e161020bcb36d44678"
}
],
"source": {
"advisory": "GHSA-28m8-9j7v-x499",
"discovery": "UNKNOWN"
},
"title": "The readDir Endpoint Scope can be Bypassed With Symbolic Links in Tauri",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-39215",
"STATE": "PUBLIC",
"TITLE": "The readDir Endpoint Scope can be Bypassed With Symbolic Links in Tauri"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "tauri",
"version": {
"version_data": [
{
"version_value": "\u003c 1.0.6"
}
]
}
}
]
},
"vendor_name": "tauri-apps"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction folder inside an allowed path of the `fs` scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined `scope`. Users are advised to upgrade. Users unable to upgrade should disable the `readDir` endpoint in the `allowlist` inside the `tauri.conf.json`."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-28m8-9j7v-x499",
"refsource": "CONFIRM",
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-28m8-9j7v-x499"
},
{
"name": "https://github.com/tauri-apps/tauri/issues/4882",
"refsource": "MISC",
"url": "https://github.com/tauri-apps/tauri/issues/4882"
},
{
"name": "https://github.com/tauri-apps/tauri/pull/5123",
"refsource": "MISC",
"url": "https://github.com/tauri-apps/tauri/pull/5123"
},
{
"name": "https://github.com/tauri-apps/tauri/pull/5123/commits/1f9b9e8d26a2c915390323e161020bcb36d44678",
"refsource": "MISC",
"url": "https://github.com/tauri-apps/tauri/pull/5123/commits/1f9b9e8d26a2c915390323e161020bcb36d44678"
}
]
},
"source": {
"advisory": "GHSA-28m8-9j7v-x499",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-39215",
"datePublished": "2022-09-15T21:35:11.000Z",
"dateReserved": "2022-09-02T00:00:00.000Z",
"dateUpdated": "2025-04-22T17:21:33.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34460 (GCVE-0-2023-34460)
Vulnerability from cvelistv5
Published
2023-06-23 19:09
Modified
2024-11-07 19:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-285 - Improper Authorization
Summary
Tauri is a framework for building binaries for all major desktop platforms. The 1.4.0 release includes a regression on the Filesystem scope check for dotfiles on Unix. Previously dotfiles were not implicitly allowed by the glob wildcard scopes (eg. `$HOME/*`), but a regression was introduced when a configuration option for this behavior was implemented. Only Tauri applications using wildcard scopes in the `fs` endpoint are affected. The regression has been patched on version 1.4.1.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tauri-apps | tauri |
Version: = 1.4.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:07.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-wmff-grcw-jcfm",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-wmff-grcw-jcfm"
},
{
"name": "https://github.com/tauri-apps/tauri/pull/6969#discussion_r1232018347",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tauri-apps/tauri/pull/6969#discussion_r1232018347"
},
{
"name": "https://github.com/tauri-apps/tauri/pull/7227",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tauri-apps/tauri/pull/7227"
},
{
"name": "https://github.com/tauri-apps/tauri/commit/066c09a6ea06f42f550d090715e06beb65cd5564",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tauri-apps/tauri/commit/066c09a6ea06f42f550d090715e06beb65cd5564"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34460",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T19:03:47.667794Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T19:04:00.431Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tauri",
"vendor": "tauri-apps",
"versions": [
{
"status": "affected",
"version": "= 1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tauri is a framework for building binaries for all major desktop platforms. The 1.4.0 release includes a regression on the Filesystem scope check for dotfiles on Unix. Previously dotfiles were not implicitly allowed by the glob wildcard scopes (eg. `$HOME/*`), but a regression was introduced when a configuration option for this behavior was implemented. Only Tauri applications using wildcard scopes in the `fs` endpoint are affected. The regression has been patched on version 1.4.1.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T19:09:54.173Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-wmff-grcw-jcfm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-wmff-grcw-jcfm"
},
{
"name": "https://github.com/tauri-apps/tauri/pull/6969#discussion_r1232018347",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tauri-apps/tauri/pull/6969#discussion_r1232018347"
},
{
"name": "https://github.com/tauri-apps/tauri/pull/7227",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tauri-apps/tauri/pull/7227"
},
{
"name": "https://github.com/tauri-apps/tauri/commit/066c09a6ea06f42f550d090715e06beb65cd5564",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tauri-apps/tauri/commit/066c09a6ea06f42f550d090715e06beb65cd5564"
}
],
"source": {
"advisory": "GHSA-wmff-grcw-jcfm",
"discovery": "UNKNOWN"
},
"title": "Tauri vulnerable to Regression on Filesystem Scope Checks for Dotfiles"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-34460",
"datePublished": "2023-06-23T19:09:54.173Z",
"dateReserved": "2023-06-06T16:16:53.559Z",
"dateUpdated": "2024-11-07T19:04:00.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46115 (GCVE-0-2023-46115)
Vulnerability from cvelistv5
Published
2023-10-19 23:35
Modified
2024-09-12 15:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Tauri is a framework for building binaries for all major desktop platforms. This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications using the Vite frontend in a specific configuration. The Tauri documentation used an insecure example configuration in the `Vite guide` to showcase how to use Tauri together with Vite. Copying the following snippet `envPrefix: ['VITE_', 'TAURI_'],` from this guide into the `vite.config.ts` of a Tauri project leads to bundling the `TAURI_PRIVATE_KEY` and `TAURI_KEY_PASSWORD` into the Vite frontend code and therefore leaking this value to the released Tauri application. Using the `envPrefix: ['VITE_'],` or any other framework than Vite means you are not impacted by this advisory. Users are advised to rotate their updater private key if they are affected by this (requires Tauri CLI >=1.5.5). After updating the envPrefix configuration, generate a new private key with `tauri signer generate`, saving the new private key and updating the updater's `pubkey` value on `tauri.conf.json` with the new public key. To update your existing application, the next application build must be signed with the older private key in order to be accepted by the existing application.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tauri-apps | tauri |
Version: >= 2.0.0-alpha.0, < 2.0.0-alpha.16 Version: >= 1.0.0, < 1.5.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:39.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-2rcp-jvr4-r259",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-2rcp-jvr4-r259"
},
{
"name": "https://tauri.app/v1/guides/getting-started/setup/vite/",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tauri.app/v1/guides/getting-started/setup/vite/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46115",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T15:50:11.390191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T15:50:32.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tauri",
"vendor": "tauri-apps",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0-alpha.0, \u003c 2.0.0-alpha.16"
},
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.5.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tauri is a framework for building binaries for all major desktop platforms. This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications using the Vite frontend in a specific configuration. The Tauri documentation used an insecure example configuration in the `Vite guide` to showcase how to use Tauri together with Vite. Copying the following snippet `envPrefix: [\u0027VITE_\u0027, \u0027TAURI_\u0027],` from this guide into the `vite.config.ts` of a Tauri project leads to bundling the `TAURI_PRIVATE_KEY` and `TAURI_KEY_PASSWORD` into the Vite frontend code and therefore leaking this value to the released Tauri application. Using the `envPrefix: [\u0027VITE_\u0027],` or any other framework than Vite means you are not impacted by this advisory. Users are advised to rotate their updater private key if they are affected by this (requires Tauri CLI \u003e=1.5.5). After updating the envPrefix configuration, generate a new private key with `tauri signer generate`, saving the new private key and updating the updater\u0027s `pubkey` value on `tauri.conf.json` with the new public key. To update your existing application, the next application build must be signed with the older private key in order to be accepted by the existing application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-19T19:07:53.644Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-2rcp-jvr4-r259",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-2rcp-jvr4-r259"
},
{
"name": "https://tauri.app/v1/guides/getting-started/setup/vite/",
"tags": [
"x_refsource_MISC"
],
"url": "https://tauri.app/v1/guides/getting-started/setup/vite/"
}
],
"source": {
"advisory": "GHSA-2rcp-jvr4-r259",
"discovery": "UNKNOWN"
},
"title": "Updater Private Keys Possibly Leaked via Vite Environment Variables in tauri-cli"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-46115",
"datePublished": "2023-10-19T23:35:03.875Z",
"dateReserved": "2023-10-16T17:51:35.570Z",
"dateUpdated": "2024-09-12T15:50:32.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2023-06-23 20:15
Modified
2024-11-21 08:07
Severity ?
4.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Tauri is a framework for building binaries for all major desktop platforms. The 1.4.0 release includes a regression on the Filesystem scope check for dotfiles on Unix. Previously dotfiles were not implicitly allowed by the glob wildcard scopes (eg. `$HOME/*`), but a regression was introduced when a configuration option for this behavior was implemented. Only Tauri applications using wildcard scopes in the `fs` endpoint are affected. The regression has been patched on version 1.4.1.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tauri:tauri:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB02A4BD-CF71-49AE-943F-469EB7328175",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tauri is a framework for building binaries for all major desktop platforms. The 1.4.0 release includes a regression on the Filesystem scope check for dotfiles on Unix. Previously dotfiles were not implicitly allowed by the glob wildcard scopes (eg. `$HOME/*`), but a regression was introduced when a configuration option for this behavior was implemented. Only Tauri applications using wildcard scopes in the `fs` endpoint are affected. The regression has been patched on version 1.4.1.\n\n"
}
],
"id": "CVE-2023-34460",
"lastModified": "2024-11-21T08:07:18.050",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-23T20:15:09.147",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/tauri-apps/tauri/commit/066c09a6ea06f42f550d090715e06beb65cd5564"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/tauri-apps/tauri/pull/6969#discussion_r1232018347"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/tauri-apps/tauri/pull/7227"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-wmff-grcw-jcfm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/tauri-apps/tauri/commit/066c09a6ea06f42f550d090715e06beb65cd5564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/tauri-apps/tauri/pull/6969#discussion_r1232018347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/tauri-apps/tauri/pull/7227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-wmff-grcw-jcfm"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-10 21:15
Modified
2024-11-21 07:23
Severity ?
2.6 (Low) - CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Summary
Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it is possible to partially bypass the `fs` scope definition. It is not possible to traverse into arbitrary paths, as the issue is limited to neighboring files and sub folders of already allowed paths. The impact differs on Windows, MacOS and Linux due to different specifications of valid path characters. This bypass depends on the file picker dialog or dragged files, as user selected paths are automatically added to the allow list at runtime. A successful bypass requires the user to select a pre-existing malicious file or directory during the file picker dialog and an adversary controlled logic to access these files. The issue has been patched in versions 1.0.7, 1.1.2 and 1.2.0. As a workaround, disable the dialog and fileDropEnabled component inside the tauri.conf.json.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/tauri-apps/tauri/security/advisories/GHSA-q9wv-22m9-vhqh | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tauri-apps/tauri/security/advisories/GHSA-q9wv-22m9-vhqh | Issue Tracking, Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tauri:tauri:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DF5DB85-C3FC-4D0E-9A90-9BC2E90BEF65",
"versionEndExcluding": "1.0.7",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tauri:tauri:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7582D528-9402-47F1-90C3-EB90A71C8090",
"versionEndExcluding": "1.1.2",
"versionStartIncluding": "1.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it is possible to partially bypass the `fs` scope definition. It is not possible to traverse into arbitrary paths, as the issue is limited to neighboring files and sub folders of already allowed paths. The impact differs on Windows, MacOS and Linux due to different specifications of valid path characters. This bypass depends on the file picker dialog or dragged files, as user selected paths are automatically added to the allow list at runtime. A successful bypass requires the user to select a pre-existing malicious file or directory during the file picker dialog and an adversary controlled logic to access these files. The issue has been patched in versions 1.0.7, 1.1.2 and 1.2.0. As a workaround, disable the dialog and fileDropEnabled component inside the tauri.conf.json."
},
{
"lang": "es",
"value": "Tauri es un framework para crear archivos binarios para las principales plataformas de escritorio. En versiones anteriores a la 1.0.7 y 1.1.2, Tauri es vulnerable a un Nombre Resuelto Incorrectamente. Debido al escape incorrecto de caracteres especiales en las rutas seleccionadas mediante el cuadro de di\u00e1logo del archivo y la funcionalidad de arrastrar y soltar, es posible omitir parcialmente la definici\u00f3n de alcance `fs`. No es posible recorrer rutas arbitrarias, ya que el problema se limita a archivos vecinos y subcarpetas de rutas ya permitidas. El impacto difiere en Windows, MacOS y Linux debido a las diferentes especificaciones de caracteres de ruta v\u00e1lidos. Esta omisi\u00f3n depende del cuadro de di\u00e1logo del selector de archivos o de los archivos arrastrados, ya que las rutas seleccionadas por el usuario se agregan autom\u00e1ticamente a la lista de permitidos en tiempo de ejecuci\u00f3n. Una omisi\u00f3n exitosa requiere que el usuario seleccione un archivo o directorio malicioso preexistente durante el cuadro de di\u00e1logo del selector de archivos y una l\u00f3gica controlada por el adversario para acceder a estos archivos. El problema se solucion\u00f3 en las versiones 1.0.7, 1.1.2 y 1.2.0. Como workaround, deshabilite el cuadro de di\u00e1logo y el componente fileDropEnabled dentro de tauri.conf.json."
}
],
"id": "CVE-2022-41874",
"lastModified": "2024-11-21T07:23:57.910",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-10T21:15:10.413",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-q9wv-22m9-vhqh"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-q9wv-22m9-vhqh"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
},
{
"lang": "en",
"value": "CWE-706"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-706"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-09 14:15
Modified
2024-11-21 08:01
Severity ?
4.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing Tauri window to an external website. This is either possible by an application implementing a feature for users to visit
arbitrary websites or due to a bug allowing the open redirect. This allows the external website access to the IPC layer and therefore to all configured and exposed Tauri API endpoints and application specific implemented Tauri commands. This issue has been patched in versions 1.0.9, 1.1.4, and 1.2.5. As a workaround, prevent arbitrary input in redirect features and/or only allow trusted websites access to the IPC.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tauri:tauri:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F348097A-BE7D-47EA-A960-3E6C36FD5C8D",
"versionEndExcluding": "1.0.9",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tauri:tauri:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2ED9AB-0085-42BD-A93F-6337A9E3751E",
"versionEndExcluding": "1.1.4",
"versionStartIncluding": "1.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tauri:tauri:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97C3A36F-D012-4847-AC21-359E0CC960E9",
"versionEndExcluding": "1.2.5",
"versionStartIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing Tauri window to an external website. This is either possible by an application implementing a feature for users to visit\narbitrary websites or due to a bug allowing the open redirect. This allows the external website access to the IPC layer and therefore to all configured and exposed Tauri API endpoints and application specific implemented Tauri commands. This issue has been patched in versions 1.0.9, 1.1.4, and 1.2.5. As a workaround, prevent arbitrary input in redirect features and/or only allow trusted websites access to the IPC."
}
],
"id": "CVE-2023-31134",
"lastModified": "2024-11-21T08:01:27.743",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-09T14:15:13.427",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/tauri-apps/tauri/releases/tag/tauri-v1.0.9"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/tauri-apps/tauri/releases/tag/tauri-v1.1.4"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/tauri-apps/tauri/releases/tag/tauri-v1.2.5"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-4wm2-cwcf-wwvp"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://www.github.com/tauri-apps/tauri/commit/58ea0b45268dbd46cbac0ebb0887353d057ca767"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://www.github.com/tauri-apps/tauri/commit/fa90214b052b1a5d38d54fbf1ca422b4c37cfd1f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/tauri-apps/tauri/releases/tag/tauri-v1.0.9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/tauri-apps/tauri/releases/tag/tauri-v1.1.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/tauri-apps/tauri/releases/tag/tauri-v1.2.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-4wm2-cwcf-wwvp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://www.github.com/tauri-apps/tauri/commit/58ea0b45268dbd46cbac0ebb0887353d057ca767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://www.github.com/tauri-apps/tauri/commit/fa90214b052b1a5d38d54fbf1ca422b4c37cfd1f"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-20 00:15
Modified
2024-11-21 08:27
Severity ?
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Tauri is a framework for building binaries for all major desktop platforms. This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications using the Vite frontend in a specific configuration. The Tauri documentation used an insecure example configuration in the `Vite guide` to showcase how to use Tauri together with Vite. Copying the following snippet `envPrefix: ['VITE_', 'TAURI_'],` from this guide into the `vite.config.ts` of a Tauri project leads to bundling the `TAURI_PRIVATE_KEY` and `TAURI_KEY_PASSWORD` into the Vite frontend code and therefore leaking this value to the released Tauri application. Using the `envPrefix: ['VITE_'],` or any other framework than Vite means you are not impacted by this advisory. Users are advised to rotate their updater private key if they are affected by this (requires Tauri CLI >=1.5.5). After updating the envPrefix configuration, generate a new private key with `tauri signer generate`, saving the new private key and updating the updater's `pubkey` value on `tauri.conf.json` with the new public key. To update your existing application, the next application build must be signed with the older private key in order to be accepted by the existing application.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tauri | tauri | * | |
| tauri | tauri | 2.0.0 | |
| tauri | tauri | 2.0.0 | |
| tauri | tauri | 2.0.0 | |
| tauri | tauri | 2.0.0 | |
| tauri | tauri | 2.0.0 | |
| tauri | tauri | 2.0.0 | |
| tauri | tauri | 2.0.0 | |
| tauri | tauri | 2.0.0 | |
| tauri | tauri | 2.0.0 | |
| tauri | tauri | 2.0.0 | |
| tauri | tauri | 2.0.0 | |
| tauri | tauri | 2.0.0 | |
| tauri | tauri | 2.0.0 | |
| tauri | tauri | 2.0.0 | |
| tauri | tauri | 2.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tauri:tauri:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E430B9A2-009E-472C-8332-F59AFCA75CE4",
"versionEndExcluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "83AB9A39-B228-4A04-BC9B-55CCEDF56453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha10:*:*:*:*:*:*",
"matchCriteriaId": "243B9A11-1E18-40F2-AC37-C5670F13B0F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha11:*:*:*:*:*:*",
"matchCriteriaId": "70FE95B8-4319-474C-8C9E-04120C69A801",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha12:*:*:*:*:*:*",
"matchCriteriaId": "3379B435-C9F9-41F6-AAD0-07EB1B5978BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha13:*:*:*:*:*:*",
"matchCriteriaId": "CC75ED3D-4E54-436A-A104-CE5B463B6EA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha14:*:*:*:*:*:*",
"matchCriteriaId": "A50E93D4-0E9A-464C-A3AC-54687A1FEA03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha15:*:*:*:*:*:*",
"matchCriteriaId": "03DA148A-66DA-4475-B344-017BD02C80DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "E79F38C9-2CDA-45D0-A952-4EA7B9D3BA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "FCD1D142-7233-454B-9406-8E50CCF3641E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "E23B6CAE-8CB0-435C-A47B-8B319D0FA3C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha5:*:*:*:*:*:*",
"matchCriteriaId": "29989D53-47A4-4A50-918B-B554A0E3C23C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha6:*:*:*:*:*:*",
"matchCriteriaId": "ED4E889F-9F87-4315-AFAC-91472A413291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha7:*:*:*:*:*:*",
"matchCriteriaId": "F224BCC0-FEED-46BA-9786-4CD256782247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha8:*:*:*:*:*:*",
"matchCriteriaId": "44962758-55B7-4CDB-B32D-CD37C1481B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha9:*:*:*:*:*:*",
"matchCriteriaId": "C8F7749F-AD30-4B90-ACEE-B93CDA3D56D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tauri is a framework for building binaries for all major desktop platforms. This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications using the Vite frontend in a specific configuration. The Tauri documentation used an insecure example configuration in the `Vite guide` to showcase how to use Tauri together with Vite. Copying the following snippet `envPrefix: [\u0027VITE_\u0027, \u0027TAURI_\u0027],` from this guide into the `vite.config.ts` of a Tauri project leads to bundling the `TAURI_PRIVATE_KEY` and `TAURI_KEY_PASSWORD` into the Vite frontend code and therefore leaking this value to the released Tauri application. Using the `envPrefix: [\u0027VITE_\u0027],` or any other framework than Vite means you are not impacted by this advisory. Users are advised to rotate their updater private key if they are affected by this (requires Tauri CLI \u003e=1.5.5). After updating the envPrefix configuration, generate a new private key with `tauri signer generate`, saving the new private key and updating the updater\u0027s `pubkey` value on `tauri.conf.json` with the new public key. To update your existing application, the next application build must be signed with the older private key in order to be accepted by the existing application."
},
{
"lang": "es",
"value": "Tauri es un framework para crear archivos binarios para las principales plataformas de escritorio. Este aviso no describe una vulnerabilidad en el c\u00f3digo base de Tauri en s\u00ed, sino una configuraci\u00f3n incorrecta de uso com\u00fan que podr\u00eda provocar la filtraci\u00f3n de la clave privada y la contrase\u00f1a de la clave de actualizaci\u00f3n en aplicaciones Tauri empaquetadas que utilizan la interfaz Vite en una configuraci\u00f3n espec\u00edfica. La documentaci\u00f3n de Tauri utiliz\u00f3 una configuraci\u00f3n de ejemplo insegura en \"Vite guide\" para mostrar c\u00f3mo usar Tauri junto con Vite. Copiar el siguiente fragmento `envPrefix: [\u0027VITE_\u0027, \u0027TAURI_\u0027],` de esta gu\u00eda en `vite.config.ts` de un proyecto Tauri lleva a agrupar `TAURI_PRIVATE_KEY` y `TAURI_KEY_PASSWORD` en el c\u00f3digo de interfaz de Vite y por lo tanto filtrar este valor a la aplicaci\u00f3n Tauri lanzada. El uso de `envPrefix: [\u0027VITE_\u0027],` o cualquier otro marco que no sea Vite significa que este aviso no lo afecta. Se recomienda a los usuarios que roten su clave privada de actualizaci\u00f3n si se ven afectados por esto (requiere Tauri CLI \u0026gt;=1.5.5). Despu\u00e9s de actualizar la configuraci\u00f3n de envPrefix, genere una nueva clave privada con `tauri signer generate`, guarde la nueva clave privada y actualice el valor `pubkey` del actualizador en `tauri.conf.json` con la nueva clave p\u00fablica. Para actualizar su aplicaci\u00f3n existente, la siguiente compilaci\u00f3n de la aplicaci\u00f3n debe firmarse con la clave privada anterior para que la aplicaci\u00f3n existente la acepte."
}
],
"id": "CVE-2023-46115",
"lastModified": "2024-11-21T08:27:54.503",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 5.8,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-20T00:15:16.920",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-2rcp-jvr4-r259"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://tauri.app/v1/guides/getting-started/setup/vite/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-2rcp-jvr4-r259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://tauri.app/v1/guides/getting-started/setup/vite/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-15 22:15
Modified
2024-11-21 07:17
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Summary
Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction folder inside an allowed path of the `fs` scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined `scope`. Users are advised to upgrade. Users unable to upgrade should disable the `readDir` endpoint in the `allowlist` inside the `tauri.conf.json`.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tauri:tauri:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE5A2510-1D82-4D06-BFDC-08FA3942EDC8",
"versionEndExcluding": "1.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction folder inside an allowed path of the `fs` scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined `scope`. Users are advised to upgrade. Users unable to upgrade should disable the `readDir` endpoint in the `allowlist` inside the `tauri.conf.json`."
},
{
"lang": "es",
"value": "Tauri es un framework para construir binarios para las principales plataformas de escritorio. Debido a una falta de canonizaci\u00f3n cuando es llamada recursivamente a \"readDir\", era posible mostrar listados de directorios fuera del \u00e1mbito definido de \"fs\". Esto requer\u00eda un enlace simb\u00f3lico dise\u00f1ado o una carpeta de uni\u00f3n dentro de una ruta permitida del \u00e1mbito \"fs\". No se pod\u00eda filtrar contenido de archivos arbitrarios. El problema ha sido resuelto en versi\u00f3n 1.0.6 y la implementaci\u00f3n ahora comprueba apropiadamente si el (sub)directorio solicitado es un enlace simb\u00f3lico fuera del \u00e1mbito definido. Es recomendado a usuarios actualizar. Los usuarios que no puedan actualizarse deber\u00e1n deshabilitar el endpoint \"readDir\" en \"allowlist\" dentro de \"tauri.conf.json\""
}
],
"id": "CVE-2022-39215",
"lastModified": "2024-11-21T07:17:48.317",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-15T22:15:11.527",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/tauri-apps/tauri/issues/4882"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tauri-apps/tauri/pull/5123"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tauri-apps/tauri/pull/5123/commits/1f9b9e8d26a2c915390323e161020bcb36d44678"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-28m8-9j7v-x499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/tauri-apps/tauri/issues/4882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tauri-apps/tauri/pull/5123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tauri-apps/tauri/pull/5123/commits/1f9b9e8d26a2c915390323e161020bcb36d44678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-28m8-9j7v-x499"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-23 14:15
Modified
2024-11-21 07:30
Severity ?
6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Summary
Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards `*`, `?`, and `[...]` match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As `**` allows for sub directories the behavior there is also as expected. The issue has been patched in the latest release and was backported into the currently supported 1.x branches. There are no known workarounds at the time of publication.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/tauri-apps/tauri/commit/72389b00d7b495ffd7750eb1e75a3b8537d07cf3 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/tauri-apps/tauri/commit/f0602e7c294245ab6ef6fbf2a976ef398340ef58 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/tauri-apps/tauri/security/advisories/GHSA-6mv3-wm7j-h4w5 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tauri-apps/tauri/commit/72389b00d7b495ffd7750eb1e75a3b8537d07cf3 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tauri-apps/tauri/commit/f0602e7c294245ab6ef6fbf2a976ef398340ef58 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tauri-apps/tauri/security/advisories/GHSA-6mv3-wm7j-h4w5 | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tauri:tauri:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E530A29-A857-41B3-9439-478893F28AD4",
"versionEndExcluding": "1.0.8",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tauri:tauri:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC99D56-D4ED-46A3-98C8-57F29C6711AB",
"versionEndExcluding": "1.1.3",
"versionStartIncluding": "1.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tauri:tauri:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E27616AB-62D0-47D3-B858-4E3189D4B39F",
"versionEndExcluding": "1.2.3",
"versionStartIncluding": "1.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "83AB9A39-B228-4A04-BC9B-55CCEDF56453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "5F3F29FE-B491-4AF7-B4BB-7279A0D9764D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards `*`, `?`, and `[...]` match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As `**` allows for sub directories the behavior there is also as expected. The issue has been patched in the latest release and was backported into the currently supported 1.x branches. There are no known workarounds at the time of publication."
},
{
"lang": "es",
"value": "Tauri es un framework para crear archivos binarios para las principales plataformas de escritorio. Los comodines del patr\u00f3n global del sistema de archivos `*`, `?` y `[...]` coinciden con los literales de ruta de archivo y los puntos iniciales de forma predeterminada, lo que expone involuntariamente el contenido de la subcarpeta de las rutas permitidas. Los \u00e1mbitos sin comodines no se ven afectados. Como `**` permite subdirectorios, el comportamiento all\u00ed tambi\u00e9n es el esperado. El problema se solucion\u00f3 en la \u00faltima versi\u00f3n y se respald\u00f3 en las ramas 1.x actualmente admitidas. No se conocen soluciones alternativas en el momento de la publicaci\u00f3n."
}
],
"id": "CVE-2022-46171",
"lastModified": "2024-11-21T07:30:15.227",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-23T14:15:10.360",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tauri-apps/tauri/commit/72389b00d7b495ffd7750eb1e75a3b8537d07cf3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tauri-apps/tauri/commit/f0602e7c294245ab6ef6fbf2a976ef398340ef58"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-6mv3-wm7j-h4w5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tauri-apps/tauri/commit/72389b00d7b495ffd7750eb1e75a3b8537d07cf3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tauri-apps/tauri/commit/f0602e7c294245ab6ef6fbf2a976ef398340ef58"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-6mv3-wm7j-h4w5"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}