CVE-2023-7079 Vulnerability Details

  /     /     /  

CVE-2023-7079 Metadata Quick Info

CVE Published: 29/12/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: cloudflare | Vendor: Cloudflare | Product: wrangler
Status : PUBLISHED

CVE-2023-7079 Description

Sending specially crafted HTTP requests and inspector messages to Wrangler\'s dev server could result in any file on the user\'s computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file.

Metrics

CVSS Version: 3.1 | Base Score: 6.4 MEDIUM
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* ADJACENT_NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* NONE
    User Interaction (UI)* REQUIRED
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* LOW
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-287
CWE Name: CWE-287 Improper Authentication
Source: Cloudflare

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-593
CAPEC Description: CAPEC-593 Session Hijacking


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2023-7079 Vulnerability Details