Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistGitHub_MCVELIST:CVE-2023-31134
HistoryMay 09, 2023 - 1:09 p.m.

CVE-2023-31134 Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites

2023-05-0913:09:31
CWE-601
GitHub_M
www.cve.org
tauri
open redirect
vulnerability
ipc
external sites

4.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.5%

JSON

Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing Tauri window to an external website. This is either possible by an application implementing a feature for users to visit
arbitrary websites or due to a bug allowing the open redirect. This allows the external website access to the IPC layer and therefore to all configured and exposed Tauri API endpoints and application specific implemented Tauri commands. This issue has been patched in versions 1.0.9, 1.1.4, and 1.2.5. As a workaround, prevent arbitrary input in redirect features and/or only allow trusted websites access to the IPC.

CNA Affected

[
  {
    "vendor": "tauri-apps",
    "product": "tauri",
    "versions": [
      {
        "version": ">= 1.0.0, < 1.0.9",
        "status": "affected"
      },
      {
        "version": ">= 1.1.0, < 1.1.4",
        "status": "affected"
      },
      {
        "version": ">= 1.2.0, < 1.2.5",
        "status": "affected"
      }
    ]
  }
]

Related

osv 2
nvd 1
cve 1
prion 1
github 1
osv
osv
CVE-2023-31134
2023-05-09 14:15:13
Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites
2023-05-03 21:57:22
nvd
nvd
CVE-2023-31134
2023-05-09 14:15:13
cve
cve
CVE-2023-31134
2023-05-09 14:15:13
prion
prion
Open redirect
2023-05-09 14:15:00
github
github
Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites
2023-05-03 21:57:22

4.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.5%

JSON
Related for CVELIST:CVE-2023-31134
osv2nvd1cve1prion1github1