PT-2023-5599 · Tauri · Tauri

🗓️ 21 Jun 2023 00:00:00Reported by Positive TechnologiesType

ptsecurity

ptsecurity🔗 dbugs.ptsecurity.com👁 3 Views

Tauri version 1.4.0 has a regression allowing access to dotfiles impacting data security.

Reporter	Title	Published	Views	Family All 10
CNNVD	Tauri 授权问题漏洞	23 Jun 202300:00	–	cnnvd
CVE	CVE-2023-34460	23 Jun 202319:09	–	cve
Cvelist	CVE-2023-34460 Tauri vulnerable to Regression on Filesystem Scope Checks for Dotfiles	23 Jun 202319:09	–	cvelist
EUVD	EUVD-2023-1905	3 Oct 202520:07	–	euvd
Github Security Blog	Tauri vulnerable to Regression on Filesystem Scope Checks for Dotfiles	21 Jun 202318:35	–	github
NVD	CVE-2023-34460	23 Jun 202320:15	–	nvd
OSV	CVE-2023-34460 Tauri vulnerable to Regression on Filesystem Scope Checks for Dotfiles	23 Jun 202319:09	–	osv
OSV	GHSA-WMFF-GRCW-JCFM Tauri vulnerable to Regression on Filesystem Scope Checks for Dotfiles	21 Jun 202318:35	–	osv
Prion	Input validation	23 Jun 202320:15	–	prion
Vulnrichment	CVE-2023-34460 Tauri vulnerable to Regression on Filesystem Scope Checks for Dotfiles	23 Jun 202319:09	–	vulnrichment

Source	Link
github	www.github.com/tauri-apps/tauri/commit/066c09a6ea06f42f550d090715e06beb65cd5564
github	www.github.com/tauri-apps/tauri/pull/7227
github	www.github.com/tauri-apps/tauri/pull/6969
bdu	www.bdu.fstec.ru/vul/2023-06254
osv	www.osv.dev/vulnerability/CVE-2023-34460
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-34460
osv	www.osv.dev/vulnerability/GHSA-wmff-grcw-jcfm
github	www.github.com/tauri-apps/tauri
github	www.github.com/tauri-apps/tauri/security/advisories/GHSA-6mv3-wm7j-h4w5
github	www.github.com/tauri-apps/tauri/security/advisories/GHSA-wmff-grcw-jcfm

05 Jul 2023 00:00Current

9.2High risk

Vulners AI Score9.2

CVSS 3.14.8 - 9.8

EPSS0.00089

SSVC

tauri vulnerability filesystem scope dotfiles access remote attack confidentiality integrity availability version update security recommendation