Search criteria
9 vulnerabilities found for Wrangler by Cloudflare
FKIE_CVE-2023-7080
Vulnerability from fkie_nvd - Published: 2023-12-29 12:15 - Updated: 2024-11-21 08:45
Severity ?
8.5 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate Origin/Host headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If wrangler dev --remote was being used, an attacker could access production resources if they were bound to the worker.
This issue was fixed in wrangler@3.19.0 and wrangler@2.20.2. Whilst wrangler dev's inspector server listens on local interfaces by default as of wrangler@3.16.0, an SSRF vulnerability in miniflare https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7 (CVE-2023-7078) allowed access from the local network until wrangler@3.18.0. wrangler@3.19.0 and wrangler@2.20.2 introduced validation for the Origin/Host headers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cloudflare | wrangler | * | |
| cloudflare | wrangler | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudflare:wrangler:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "9BC3CE33-76AB-4812-BCBD-C65F5728471D",
"versionEndExcluding": "2.20.2",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudflare:wrangler:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "4F11F521-F7AC-4E31-9424-4CB968F50E6E",
"versionEndExcluding": "3.19.0",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate Origin/Host headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If wrangler dev --remote was being used, an attacker could access production resources if they were bound to the worker.\n\nThis issue was fixed in wrangler@3.19.0 and wrangler@2.20.2. Whilst wrangler dev\u0027s inspector server listens on local interfaces by default as of wrangler@3.16.0, an SSRF vulnerability in miniflare https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7 \u00a0(CVE-2023-7078) allowed access from the local network until wrangler@3.18.0. wrangler@3.19.0 and wrangler@2.20.2 introduced validation for the Origin/Host headers.\n"
},
{
"lang": "es",
"value": "V8 inspector permite intencionalmente la ejecuci\u00f3n de c\u00f3digo arbitrario dentro de la sandbox de Workers para su depuraci\u00f3n. wrangler dev previamente iniciar\u00eda un servidor inspector escuchando en todas las interfaces de red. Esto permitir\u00eda a un atacante en la red local conectarse al inspector y ejecutar c\u00f3digo arbitrario. Adem\u00e1s, el servidor inspector no valid\u00f3 los encabezados Origin/Host, lo que le otorga a un atacante que puede enga\u00f1ar a cualquier usuario de la red local para que abra un sitio web malicioso la capacidad de ejecutar c\u00f3digo. Si se usaba wrangler dev --remote, un atacante podr\u00eda acceder a los recursos de producci\u00f3n si estuvieran vinculados al trabajador. Este problema se solucion\u00f3 en wrangler@3.19.0 y wrangler@2.20.2. Si bien el servidor inspector de wrangler dev escucha en las interfaces locales de forma predeterminada a partir de wrangler@3.16.0, se ha detectado una vulnerabilidad SSRF en miniflare https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7\u0026#xa0;( CVE-2023-7078) permit\u00eda el acceso desde la red local hasta wrangler@3.18.0. wrangler@3.19.0 y wrangler@2.20.2 introdujeron la validaci\u00f3n para los encabezados Origen/Host."
}
],
"id": "CVE-2023-7080",
"lastModified": "2024-11-21T08:45:12.610",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.8,
"source": "cna@cloudflare.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-29T12:15:47.970",
"references": [
{
"source": "cna@cloudflare.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/cloudflare/workers-sdk/issues/4430"
},
{
"source": "cna@cloudflare.com",
"tags": [
"Patch"
],
"url": "https://github.com/cloudflare/workers-sdk/pull/4437"
},
{
"source": "cna@cloudflare.com",
"tags": [
"Patch"
],
"url": "https://github.com/cloudflare/workers-sdk/pull/4535"
},
{
"source": "cna@cloudflare.com",
"tags": [
"Patch"
],
"url": "https://github.com/cloudflare/workers-sdk/pull/4550"
},
{
"source": "cna@cloudflare.com",
"tags": [
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-f8mp-x433-5wpf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/cloudflare/workers-sdk/issues/4430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/cloudflare/workers-sdk/pull/4437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/cloudflare/workers-sdk/pull/4535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/cloudflare/workers-sdk/pull/4550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-f8mp-x433-5wpf"
}
],
"sourceIdentifier": "cna@cloudflare.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "cna@cloudflare.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-7079
Vulnerability from fkie_nvd - Published: 2023-12-29 12:15 - Updated: 2024-11-21 08:45
Severity ?
6.4 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
5.7 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.7 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cloudflare | wrangler | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudflare:wrangler:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "F57F184B-3236-49A1-A736-836FD1BE0075",
"versionEndExcluding": "3.19.0",
"versionStartIncluding": "3.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sending specially crafted HTTP requests and inspector messages to Wrangler\u0027s dev server could result in any file on the user\u0027s computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file.\n"
},
{
"lang": "es",
"value": "El env\u00edo de solicitudes HTTP especialmente manipuladas y mensajes de inspector al Wrangler\u0027s dev server podr\u00eda hacer que se pueda acceder a cualquier archivo en el equipo del usuario a trav\u00e9s de la red local. Un atacante que pudiera enga\u00f1ar a cualquier usuario de la red local para que abra un sitio web malicioso tambi\u00e9n podr\u00eda leer cualquier archivo."
}
],
"id": "CVE-2023-7079",
"lastModified": "2024-11-21T08:45:12.460",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 4.7,
"source": "cna@cloudflare.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-29T12:15:47.763",
"references": [
{
"source": "cna@cloudflare.com",
"tags": [
"Patch"
],
"url": "https://github.com/cloudflare/workers-sdk/pull/4532"
},
{
"source": "cna@cloudflare.com",
"tags": [
"Patch"
],
"url": "https://github.com/cloudflare/workers-sdk/pull/4535"
},
{
"source": "cna@cloudflare.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w828"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/cloudflare/workers-sdk/pull/4532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/cloudflare/workers-sdk/pull/4535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w828"
}
],
"sourceIdentifier": "cna@cloudflare.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "cna@cloudflare.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-3348
Vulnerability from fkie_nvd - Published: 2023-08-03 15:15 - Updated: 2024-11-21 08:17
Severity ?
5.7 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.7 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.7 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cloudflare | wrangler | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudflare:wrangler:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "0A4B04E1-8BCF-4AE4-B2F3-EF0C3CDA80F2",
"versionEndExcluding": "3.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Wrangler command line tool\u00a0 (\u003c=wrangler@3.1.0 or \u003c=wrangler@2.20.1)\u00a0was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim\u0027s files present outside of the directory for the development server.\n\n\n\n"
}
],
"id": "CVE-2023-3348",
"lastModified": "2024-11-21T08:17:04.407",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "cna@cloudflare.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-03T15:15:30.227",
"references": [
{
"source": "cna@cloudflare.com",
"tags": [
"Product"
],
"url": "https://developers.cloudflare.com/workers/wrangler/"
},
{
"source": "cna@cloudflare.com",
"tags": [
"Product"
],
"url": "https://github.com/cloudflare/workers-sdk"
},
{
"source": "cna@cloudflare.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-8c93-4hch-xgxp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://developers.cloudflare.com/workers/wrangler/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/cloudflare/workers-sdk"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-8c93-4hch-xgxp"
}
],
"sourceIdentifier": "cna@cloudflare.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "cna@cloudflare.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-7080 (GCVE-0-2023-7080)
Vulnerability from cvelistv5 – Published: 2023-12-29 11:58 – Updated: 2024-08-02 08:50
VLAI?
Title
Arbitrary remote code execution within wrangler dev Workers sandbox
Summary
The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate Origin/Host headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If wrangler dev --remote was being used, an attacker could access production resources if they were bound to the worker.
This issue was fixed in wrangler@3.19.0 and wrangler@2.20.2. Whilst wrangler dev's inspector server listens on local interfaces by default as of wrangler@3.16.0, an SSRF vulnerability in miniflare https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7 (CVE-2023-7078) allowed access from the local network until wrangler@3.18.0. wrangler@3.19.0 and wrangler@2.20.2 introduced validation for the Origin/Host headers.
Severity ?
8.5 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cloudflare | wrangler |
Affected:
0 , ≤ 3.0.0
(patch)
Affected: 0 , < 3.19.0 (patch) Affected: 0 , ≤ 2.0.0 (patch) Affected: 0 , < 2.20.2 (patch) |
Credits
Peter Wu (Lekensteyn)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:50:07.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-f8mp-x433-5wpf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/workers-sdk/issues/4430"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/workers-sdk/pull/4437"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/workers-sdk/pull/4535"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/workers-sdk/pull/4550"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "wrangler",
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "wrangler",
"repo": "https://github.com/cloudflare/workers-sdk",
"vendor": "Cloudflare",
"versions": [
{
"changes": [
{
"at": "3.19.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.0.0",
"status": "affected",
"version": "0",
"versionType": "patch"
},
{
"changes": [
{
"at": "3.19.0",
"status": "unaffected"
}
],
"lessThan": "3.19.0",
"status": "affected",
"version": "0",
"versionType": "patch"
},
{
"changes": [
{
"at": "2.20.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.0.0",
"status": "affected",
"version": "0",
"versionType": "patch"
},
{
"changes": [
{
"at": "2.20.2",
"status": "unaffected"
}
],
"lessThan": "2.20.2",
"status": "affected",
"version": "0",
"versionType": "patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Peter Wu (Lekensteyn)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. \u003cb\u003ewrangler dev\u003c/b\u003e would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate \u003cb\u003eOrigin\u003c/b\u003e/\u003cb\u003eHost\u003c/b\u003e headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If \u003cb\u003ewrangler dev --remote\u003c/b\u003e was being used, an attacker could access production resources if they were bound to the worker.\u003cbr\u003e\u003cbr\u003eThis issue was fixed in \u003cb\u003ewrangler@3.19.0\u003c/b\u003e and \u003cb\u003ewrangler@2.20.2\u003c/b\u003e. Whilst \u003cb\u003ewrangler dev\u003c/b\u003e\u0027s inspector server listens on local interfaces by default as of \u003cb\u003ewrangler@3.16.0\u003c/b\u003e, an \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7\"\u003eSSRF vulnerability in miniflare\u003c/a\u003e\u0026nbsp;(CVE-2023-7078) allowed access from the local network until \u003cb\u003ewrangler@3.18.0\u003c/b\u003e. \u003cb\u003ewrangler@3.19.0\u003c/b\u003e and \u003cb\u003ewrangler@2.20.2\u003c/b\u003e introduced validation for the \u003cb\u003eOrigin\u003c/b\u003e/\u003cb\u003eHost\u003c/b\u003e headers.\u003cbr\u003e"
}
],
"value": "The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate Origin/Host headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If wrangler dev --remote was being used, an attacker could access production resources if they were bound to the worker.\n\nThis issue was fixed in wrangler@3.19.0 and wrangler@2.20.2. Whilst wrangler dev\u0027s inspector server listens on local interfaces by default as of wrangler@3.16.0, an SSRF vulnerability in miniflare https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7 \u00a0(CVE-2023-7078) allowed access from the local network until wrangler@3.18.0. wrangler@3.19.0 and wrangler@2.20.2 introduced validation for the Origin/Host headers.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-549",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-549 Local Execution of Code"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T12:08:25.935Z",
"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"shortName": "cloudflare"
},
"references": [
{
"url": "https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-f8mp-x433-5wpf"
},
{
"url": "https://github.com/cloudflare/workers-sdk/issues/4430"
},
{
"url": "https://github.com/cloudflare/workers-sdk/pull/4437"
},
{
"url": "https://github.com/cloudflare/workers-sdk/pull/4535"
},
{
"url": "https://github.com/cloudflare/workers-sdk/pull/4550"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Arbitrary remote code execution within wrangler dev Workers sandbox",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unfortunately, Wrangler doesn\u0027t provide any configuration for which host that inspector server should listen on. Please upgrade to at least \u003cb\u003ewrangler@3.16.0\u003c/b\u003e, and configure Wrangler to listen on local interfaces instead with \u003cb\u003ewrangler dev --ip 127.0.0.1\u003c/b\u003e to prevent SSRF. This removes the local network as an attack vector, but does not prevent an attack from visiting a malicious website."
}
],
"value": "Unfortunately, Wrangler doesn\u0027t provide any configuration for which host that inspector server should listen on. Please upgrade to at least wrangler@3.16.0, and configure Wrangler to listen on local interfaces instead with wrangler dev --ip 127.0.0.1 to prevent SSRF. This removes the local network as an attack vector, but does not prevent an attack from visiting a malicious website."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"assignerShortName": "cloudflare",
"cveId": "CVE-2023-7080",
"datePublished": "2023-12-29T11:58:36.214Z",
"dateReserved": "2023-12-22T09:59:52.954Z",
"dateUpdated": "2024-08-02T08:50:07.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-7079 (GCVE-0-2023-7079)
Vulnerability from cvelistv5 – Published: 2023-12-29 11:54 – Updated: 2024-08-02 08:50
VLAI?
Title
Arbitrary remote file read in Wrangler dev server
Summary
Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file.
Severity ?
6.4 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cloudflare | wrangler |
Affected:
0 , ≤ 3.9.0
(patch)
Affected: 0 , < 3.19.0 (patch) |
Credits
Peter Wu (Lekensteyn)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:50:07.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w828"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/workers-sdk/pull/4532"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/workers-sdk/pull/4535"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "wrangler",
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "wrangler",
"repo": "https://github.com/cloudflare/workers-sdk",
"vendor": "Cloudflare",
"versions": [
{
"changes": [
{
"at": "3.19.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.9.0",
"status": "affected",
"version": "0",
"versionType": "patch"
},
{
"changes": [
{
"at": "3.19.0",
"status": "unaffected"
}
],
"lessThan": "3.19.0",
"status": "affected",
"version": "0",
"versionType": "patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Peter Wu (Lekensteyn)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sending specially crafted HTTP requests and inspector messages to Wrangler\u0027s dev server could result in any file on the user\u0027s computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file.\u003cbr\u003e"
}
],
"value": "Sending specially crafted HTTP requests and inspector messages to Wrangler\u0027s dev server could result in any file on the user\u0027s computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-593",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-593 Session Hijacking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T12:08:49.883Z",
"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"shortName": "cloudflare"
},
"references": [
{
"url": "https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w828"
},
{
"url": "https://github.com/cloudflare/workers-sdk/pull/4532"
},
{
"url": "https://github.com/cloudflare/workers-sdk/pull/4535"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Arbitrary remote file read in Wrangler dev server",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eConfigure Wrangler to listen on local interfaces instead with \u003ccode\u003e\u003cb\u003ewrangler dev --ip 127.0.0.1\u003c/b\u003e\u003c/code\u003e. This is the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-f8mp-x433-5wpf\"\u003edefault as of \u003ccode\u003ewrangler@3.16.0\u003c/code\u003e\u003c/a\u003e, and removes the local network as an attack vector, but does not prevent an attack from visiting a malicious website.\u003c/p\u003e"
}
],
"value": "Configure Wrangler to listen on local interfaces instead with wrangler dev --ip 127.0.0.1. This is the default as of wrangler@3.16.0 https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-f8mp-x433-5wpf , and removes the local network as an attack vector, but does not prevent an attack from visiting a malicious website.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"assignerShortName": "cloudflare",
"cveId": "CVE-2023-7079",
"datePublished": "2023-12-29T11:54:08.925Z",
"dateReserved": "2023-12-22T09:59:49.428Z",
"dateUpdated": "2024-08-02T08:50:07.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3348 (GCVE-0-2023-3348)
Vulnerability from cvelistv5 – Published: 2023-08-03 13:47 – Updated: 2024-10-09 20:34
VLAI?
Title
Directory traversal vulnerability in Cloudflare Wrangler
Summary
The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server.
Severity ?
5.7 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cloudflare | Wrangler |
Affected:
3 , < 3.1.1
(semver)
Affected: 2 , < 2.20.1 (semver) |
Credits
robocap42 (HackerOne researcher)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-8c93-4hch-xgxp"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://github.com/cloudflare/workers-sdk"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://developers.cloudflare.com/workers/wrangler/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3348",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:30:56.298602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:34:14.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wrangler",
"vendor": "Cloudflare",
"versions": [
{
"changes": [
{
"at": "3.1.1",
"status": "unaffected"
}
],
"lessThan": "3.1.1",
"status": "affected",
"version": "3",
"versionType": "semver"
},
{
"changes": [
{
"at": "2.20.1",
"status": "unaffected"
}
],
"lessThan": "2.20.1",
"status": "affected",
"version": "2",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "robocap42 (HackerOne researcher)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eThe Wrangler command line tool\u0026nbsp; (\u0026lt;=wrangler@3.1.0 or \u0026lt;=wrangler@2.20.1)\u0026nbsp;was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim\u0027s files present outside of the directory for the development server.\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "The Wrangler command line tool\u00a0 (\u003c=wrangler@3.1.0 or \u003c=wrangler@2.20.1)\u00a0was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim\u0027s files present outside of the directory for the development server.\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-29T09:17:49.419Z",
"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"shortName": "cloudflare"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-8c93-4hch-xgxp"
},
{
"tags": [
"product"
],
"url": "https://github.com/cloudflare/workers-sdk"
},
{
"tags": [
"related"
],
"url": "https://developers.cloudflare.com/workers/wrangler/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to wrangler@3.1.1 or higher\u003cbr\u003eFor wrangler v2 upgrade to wrangler@2.20.1 or higher"
}
],
"value": "Upgrade to wrangler@3.1.1 or higher\nFor wrangler v2 upgrade to wrangler@2.20.1 or higher"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Directory traversal vulnerability in Cloudflare Wrangler",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"assignerShortName": "cloudflare",
"cveId": "CVE-2023-3348",
"datePublished": "2023-08-03T13:47:07.296Z",
"dateReserved": "2023-06-21T07:20:37.335Z",
"dateUpdated": "2024-10-09T20:34:14.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-7080 (GCVE-0-2023-7080)
Vulnerability from nvd – Published: 2023-12-29 11:58 – Updated: 2024-08-02 08:50
VLAI?
Title
Arbitrary remote code execution within wrangler dev Workers sandbox
Summary
The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate Origin/Host headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If wrangler dev --remote was being used, an attacker could access production resources if they were bound to the worker.
This issue was fixed in wrangler@3.19.0 and wrangler@2.20.2. Whilst wrangler dev's inspector server listens on local interfaces by default as of wrangler@3.16.0, an SSRF vulnerability in miniflare https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7 (CVE-2023-7078) allowed access from the local network until wrangler@3.18.0. wrangler@3.19.0 and wrangler@2.20.2 introduced validation for the Origin/Host headers.
Severity ?
8.5 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cloudflare | wrangler |
Affected:
0 , ≤ 3.0.0
(patch)
Affected: 0 , < 3.19.0 (patch) Affected: 0 , ≤ 2.0.0 (patch) Affected: 0 , < 2.20.2 (patch) |
Credits
Peter Wu (Lekensteyn)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:50:07.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-f8mp-x433-5wpf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/workers-sdk/issues/4430"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/workers-sdk/pull/4437"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/workers-sdk/pull/4535"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/workers-sdk/pull/4550"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "wrangler",
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "wrangler",
"repo": "https://github.com/cloudflare/workers-sdk",
"vendor": "Cloudflare",
"versions": [
{
"changes": [
{
"at": "3.19.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.0.0",
"status": "affected",
"version": "0",
"versionType": "patch"
},
{
"changes": [
{
"at": "3.19.0",
"status": "unaffected"
}
],
"lessThan": "3.19.0",
"status": "affected",
"version": "0",
"versionType": "patch"
},
{
"changes": [
{
"at": "2.20.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.0.0",
"status": "affected",
"version": "0",
"versionType": "patch"
},
{
"changes": [
{
"at": "2.20.2",
"status": "unaffected"
}
],
"lessThan": "2.20.2",
"status": "affected",
"version": "0",
"versionType": "patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Peter Wu (Lekensteyn)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. \u003cb\u003ewrangler dev\u003c/b\u003e would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate \u003cb\u003eOrigin\u003c/b\u003e/\u003cb\u003eHost\u003c/b\u003e headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If \u003cb\u003ewrangler dev --remote\u003c/b\u003e was being used, an attacker could access production resources if they were bound to the worker.\u003cbr\u003e\u003cbr\u003eThis issue was fixed in \u003cb\u003ewrangler@3.19.0\u003c/b\u003e and \u003cb\u003ewrangler@2.20.2\u003c/b\u003e. Whilst \u003cb\u003ewrangler dev\u003c/b\u003e\u0027s inspector server listens on local interfaces by default as of \u003cb\u003ewrangler@3.16.0\u003c/b\u003e, an \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7\"\u003eSSRF vulnerability in miniflare\u003c/a\u003e\u0026nbsp;(CVE-2023-7078) allowed access from the local network until \u003cb\u003ewrangler@3.18.0\u003c/b\u003e. \u003cb\u003ewrangler@3.19.0\u003c/b\u003e and \u003cb\u003ewrangler@2.20.2\u003c/b\u003e introduced validation for the \u003cb\u003eOrigin\u003c/b\u003e/\u003cb\u003eHost\u003c/b\u003e headers.\u003cbr\u003e"
}
],
"value": "The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate Origin/Host headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If wrangler dev --remote was being used, an attacker could access production resources if they were bound to the worker.\n\nThis issue was fixed in wrangler@3.19.0 and wrangler@2.20.2. Whilst wrangler dev\u0027s inspector server listens on local interfaces by default as of wrangler@3.16.0, an SSRF vulnerability in miniflare https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7 \u00a0(CVE-2023-7078) allowed access from the local network until wrangler@3.18.0. wrangler@3.19.0 and wrangler@2.20.2 introduced validation for the Origin/Host headers.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-549",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-549 Local Execution of Code"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T12:08:25.935Z",
"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"shortName": "cloudflare"
},
"references": [
{
"url": "https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-f8mp-x433-5wpf"
},
{
"url": "https://github.com/cloudflare/workers-sdk/issues/4430"
},
{
"url": "https://github.com/cloudflare/workers-sdk/pull/4437"
},
{
"url": "https://github.com/cloudflare/workers-sdk/pull/4535"
},
{
"url": "https://github.com/cloudflare/workers-sdk/pull/4550"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Arbitrary remote code execution within wrangler dev Workers sandbox",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unfortunately, Wrangler doesn\u0027t provide any configuration for which host that inspector server should listen on. Please upgrade to at least \u003cb\u003ewrangler@3.16.0\u003c/b\u003e, and configure Wrangler to listen on local interfaces instead with \u003cb\u003ewrangler dev --ip 127.0.0.1\u003c/b\u003e to prevent SSRF. This removes the local network as an attack vector, but does not prevent an attack from visiting a malicious website."
}
],
"value": "Unfortunately, Wrangler doesn\u0027t provide any configuration for which host that inspector server should listen on. Please upgrade to at least wrangler@3.16.0, and configure Wrangler to listen on local interfaces instead with wrangler dev --ip 127.0.0.1 to prevent SSRF. This removes the local network as an attack vector, but does not prevent an attack from visiting a malicious website."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"assignerShortName": "cloudflare",
"cveId": "CVE-2023-7080",
"datePublished": "2023-12-29T11:58:36.214Z",
"dateReserved": "2023-12-22T09:59:52.954Z",
"dateUpdated": "2024-08-02T08:50:07.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-7079 (GCVE-0-2023-7079)
Vulnerability from nvd – Published: 2023-12-29 11:54 – Updated: 2024-08-02 08:50
VLAI?
Title
Arbitrary remote file read in Wrangler dev server
Summary
Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file.
Severity ?
6.4 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cloudflare | wrangler |
Affected:
0 , ≤ 3.9.0
(patch)
Affected: 0 , < 3.19.0 (patch) |
Credits
Peter Wu (Lekensteyn)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:50:07.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w828"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/workers-sdk/pull/4532"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/workers-sdk/pull/4535"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "wrangler",
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "wrangler",
"repo": "https://github.com/cloudflare/workers-sdk",
"vendor": "Cloudflare",
"versions": [
{
"changes": [
{
"at": "3.19.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.9.0",
"status": "affected",
"version": "0",
"versionType": "patch"
},
{
"changes": [
{
"at": "3.19.0",
"status": "unaffected"
}
],
"lessThan": "3.19.0",
"status": "affected",
"version": "0",
"versionType": "patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Peter Wu (Lekensteyn)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sending specially crafted HTTP requests and inspector messages to Wrangler\u0027s dev server could result in any file on the user\u0027s computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file.\u003cbr\u003e"
}
],
"value": "Sending specially crafted HTTP requests and inspector messages to Wrangler\u0027s dev server could result in any file on the user\u0027s computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-593",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-593 Session Hijacking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T12:08:49.883Z",
"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"shortName": "cloudflare"
},
"references": [
{
"url": "https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w828"
},
{
"url": "https://github.com/cloudflare/workers-sdk/pull/4532"
},
{
"url": "https://github.com/cloudflare/workers-sdk/pull/4535"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Arbitrary remote file read in Wrangler dev server",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eConfigure Wrangler to listen on local interfaces instead with \u003ccode\u003e\u003cb\u003ewrangler dev --ip 127.0.0.1\u003c/b\u003e\u003c/code\u003e. This is the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-f8mp-x433-5wpf\"\u003edefault as of \u003ccode\u003ewrangler@3.16.0\u003c/code\u003e\u003c/a\u003e, and removes the local network as an attack vector, but does not prevent an attack from visiting a malicious website.\u003c/p\u003e"
}
],
"value": "Configure Wrangler to listen on local interfaces instead with wrangler dev --ip 127.0.0.1. This is the default as of wrangler@3.16.0 https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-f8mp-x433-5wpf , and removes the local network as an attack vector, but does not prevent an attack from visiting a malicious website.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"assignerShortName": "cloudflare",
"cveId": "CVE-2023-7079",
"datePublished": "2023-12-29T11:54:08.925Z",
"dateReserved": "2023-12-22T09:59:49.428Z",
"dateUpdated": "2024-08-02T08:50:07.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3348 (GCVE-0-2023-3348)
Vulnerability from nvd – Published: 2023-08-03 13:47 – Updated: 2024-10-09 20:34
VLAI?
Title
Directory traversal vulnerability in Cloudflare Wrangler
Summary
The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server.
Severity ?
5.7 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cloudflare | Wrangler |
Affected:
3 , < 3.1.1
(semver)
Affected: 2 , < 2.20.1 (semver) |
Credits
robocap42 (HackerOne researcher)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-8c93-4hch-xgxp"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://github.com/cloudflare/workers-sdk"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://developers.cloudflare.com/workers/wrangler/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3348",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:30:56.298602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:34:14.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wrangler",
"vendor": "Cloudflare",
"versions": [
{
"changes": [
{
"at": "3.1.1",
"status": "unaffected"
}
],
"lessThan": "3.1.1",
"status": "affected",
"version": "3",
"versionType": "semver"
},
{
"changes": [
{
"at": "2.20.1",
"status": "unaffected"
}
],
"lessThan": "2.20.1",
"status": "affected",
"version": "2",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "robocap42 (HackerOne researcher)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eThe Wrangler command line tool\u0026nbsp; (\u0026lt;=wrangler@3.1.0 or \u0026lt;=wrangler@2.20.1)\u0026nbsp;was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim\u0027s files present outside of the directory for the development server.\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "The Wrangler command line tool\u00a0 (\u003c=wrangler@3.1.0 or \u003c=wrangler@2.20.1)\u00a0was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim\u0027s files present outside of the directory for the development server.\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-29T09:17:49.419Z",
"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"shortName": "cloudflare"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-8c93-4hch-xgxp"
},
{
"tags": [
"product"
],
"url": "https://github.com/cloudflare/workers-sdk"
},
{
"tags": [
"related"
],
"url": "https://developers.cloudflare.com/workers/wrangler/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to wrangler@3.1.1 or higher\u003cbr\u003eFor wrangler v2 upgrade to wrangler@2.20.1 or higher"
}
],
"value": "Upgrade to wrangler@3.1.1 or higher\nFor wrangler v2 upgrade to wrangler@2.20.1 or higher"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Directory traversal vulnerability in Cloudflare Wrangler",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"assignerShortName": "cloudflare",
"cveId": "CVE-2023-3348",
"datePublished": "2023-08-03T13:47:07.296Z",
"dateReserved": "2023-06-21T07:20:37.335Z",
"dateUpdated": "2024-10-09T20:34:14.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}