CVE-2024-35222
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.0%
Tauri is a framework for building binaries for all major desktop platforms. Remote origin iFrames in Tauri applications can access the Tauri IPC endpoints without being explicitly allowed in the dangerousRemoteDomainIpcAccess in v1 and in the capabilities in v2. Valid commands with potentially unwanted consequences (“delete project”, “transfer credits”, etc.) could be invoked by an attacker that controls the content of an iframe running inside a Tauri app. This vulnerability has been patched in versions 1.6.7 and 2.0.0-beta.19.
Affected configurations
CNA Affected
[
{
"vendor": "tauri-apps",
"product": "tauri",
"versions": [
{
"version": "<= 1.6.6",
"status": "affected"
},
{
"version": ">= 2.0.0-beta.0, <= 2.0.0-beta.19",
"status": "affected"
}
]
}
]Related
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.0%