Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2023-31134
HistoryMay 09, 2023 - 2:15 p.m.

CVE-2023-31134

2023-05-0914:15:13
CWE-601
[email protected]
web.nvd.nist.gov
22
tauri
ipc
isolation bypass
version 1.0.0
version 1.1.0
version 1.2.0
open redirect
security patch

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.5%

JSON

Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing Tauri window to an external website. This is either possible by an application implementing a feature for users to visit
arbitrary websites or due to a bug allowing the open redirect. This allows the external website access to the IPC layer and therefore to all configured and exposed Tauri API endpoints and application specific implemented Tauri commands. This issue has been patched in versions 1.0.9, 1.1.4, and 1.2.5. As a workaround, prevent arbitrary input in redirect features and/or only allow trusted websites access to the IPC.

Affected configurations

Vulners
NVD
Node
tauri-appstauriRange1.0.01.0.9
OR
tauri-appstauriRange1.1.01.1.4
OR
tauri-appstauriRange1.2.01.2.5

CNA Affected

[
  {
    "vendor": "tauri-apps",
    "product": "tauri",
    "versions": [
      {
        "version": ">= 1.0.0, < 1.0.9",
        "status": "affected"
      },
      {
        "version": ">= 1.1.0, < 1.1.4",
        "status": "affected"
      },
      {
        "version": ">= 1.2.0, < 1.2.5",
        "status": "affected"
      }
    ]
  }
]

Related

osv 2
nvd 1
cvelist 1
prion 1
github 1
osv
osv
CVE-2023-31134
2023-05-09 14:15:13
Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites
2023-05-03 21:57:22
nvd
nvd
CVE-2023-31134
2023-05-09 14:15:13
cvelist
cvelist
CVE-2023-31134 Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites
2023-05-09 13:09:31
prion
prion
Open redirect
2023-05-09 14:15:00
github
github
Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites
2023-05-03 21:57:22

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.5%

JSON
Related for CVE-2023-31134
osv2nvd1cvelist1prion1github1