6.4

CVE-2023-7079

EPSS 0.06%
Published 29.12.2023 12:15:47
Last modified 21.11.2024 08:45:12
Source cna@cloudflare.com
CVE-Watchlists
Login
Open
Login

Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Cloudflare ≫ Wrangler SwPlatformnode.js Version >= 3.9.0 < 3.19.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.194

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.7	2.1	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
cna@cloudflare.com	6.4	1.2	4.7	CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://github.com/cloudflare/workers-sdk/pull/4532

Patch

https://github.com/cloudflare/workers-sdk/pull/4535

Patch

https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w828

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-7079

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-7079

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-7079

EUVD