Lucene search

[email protected]NVD:CVE-2023-34460

HistoryJun 23, 2023 - 8:15 p.m.

CVE-2023-34460

2023-06-2320:15:09

CWE-285

[email protected]

web.nvd.nist.gov

tauri framework

unix

dotfiles

regression

wildcard scopes

patch

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.2 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.0%

JSON

Tauri is a framework for building binaries for all major desktop platforms. The 1.4.0 release includes a regression on the Filesystem scope check for dotfiles on Unix. Previously dotfiles were not implicitly allowed by the glob wildcard scopes (eg. $HOME/*), but a regression was introduced when a configuration option for this behavior was implemented. Only Tauri applications using wildcard scopes in the fs endpoint are affected. The regression has been patched on version 1.4.1.

Affected configurations

NVD

Node

tauritauriMatch1.4.0

AND

applemacosMatch-

linuxlinux_kernelMatch-

References

github.com/tauri-apps/tauri/commit/066c09a6ea06f42f550d090715e06beb65cd5564

github.com/tauri-apps/tauri/pull/6969#discussion_r1232018347

github.com/tauri-apps/tauri/pull/7227

github.com/tauri-apps/tauri/security/advisories/GHSA-wmff-grcw-jcfm

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.2 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.0%

JSON

Related for NVD:CVE-2023-34460

osv2 cvelist1 cve1 prion1 github1