6.4

CVE-2023-7079

EPSS 0.06%
Veröffentlicht 29.12.2023 12:15:47
Zuletzt bearbeitet 21.11.2024 08:45:12
Quelle cna@cloudflare.com
CVE-Watchlists
Login
Unerledigt
Login

Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cloudflare ≫ Wrangler SwPlatformnode.js Version >= 3.9.0 < 3.19.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.194

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.7	2.1	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
cna@cloudflare.com	6.4	1.2	4.7	CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://github.com/cloudflare/workers-sdk/pull/4532

Patch

https://github.com/cloudflare/workers-sdk/pull/4535

Patch

https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w828

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-7079

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-7079

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-7079

EUVD