CVE-2023-7079 — Improper Authentication in Wrangler

CWE-287 — Improper Authentication3 documents3 sources

Severity

5.7MEDIUMNVD

EPSS

0.1%

top 78.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cloudflare Wrangler

Timeline

PublishedDec 29

Latest updateJan 3

Description

Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5cloudflare/wrangler< 3.19.0+1

▶NVDcloudflare/wrangler3.9.0 — 3.19.0

▶npmcloudflare/wrangler3.9.0 — 3.19.0

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Arbitrary remote file read in Wrangler dev server↗2024-01-03

▶

OSV

Arbitrary remote file read in Wrangler dev server↗2024-01-03

▶