Dec 29, 2023 - 11:53 a.m.

CVE-2023-7078 Server-Side Request Forgery (SSRF) in Miniflare

2023-12-29 11:53:06
CWE-918
cloudflare
github.com
cve-2023-7078
ssrf
miniflare
http requests
websocket
local network

CVSS3: 7.5

Attack Vector: ADJACENT
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

AI Score: 6.6
Confidence: Low

SSVC

Exploitation: none
Automatable: no
Technical Impact: total

Sending specially crafted HTTP requests to Miniflare’s server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:cloudflare:miniflare:*:*:*:*:*:node.js:*:*"
    ],
    "vendor": "cloudflare",
    "product": "miniflare",
    "versions": [
      {
        "status": "affected",
        "version": "3.20230821.0",
        "lessThan": "3.20231030.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
