CVE-2023-7079

Published: Dec 29, 2023Modified: Nov 21, 2024

5.7

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.1 / Impact: 3.6

Source: NVD

Description

Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file.

Affected (1)

Products: Cloudflare: Wrangler

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cloudflare Wrangler	From 3.9.0 to 3.19.0

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

https://github.com/cloudflare/workers-sdk/pull/4532

Source: cna@cloudflare.com

Patch

https://github.com/cloudflare/workers-sdk/pull/4535

Source: cna@cloudflare.com

Patch

https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w828

Source: cna@cloudflare.com

PatchThird Party Advisory

https://github.com/cloudflare/workers-sdk/pull/4532

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/cloudflare/workers-sdk/pull/4535

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w828

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.