CVE-2022-39215
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Summary
Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when readDir is called recursively, it was possible to display directory listings outside of the defined fs scope. This required a crafted symbolic link or junction folder inside an allowed path of the fs scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined scope. Users are advised to upgrade. Users unable to upgrade should disable the readDir endpoint in the allowlist inside the tauri.conf.json.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| tauri-apps | tauri | < 1.0.6 | affected |
Weaknesses
- CWE-22: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/tauri-apps/tauri/security/advisories/GHSA-28m8-9j7v-x499
- https://github.com/tauri-apps/tauri/issues/4882
- https://github.com/tauri-apps/tauri/pull/5123
- https://github.com/tauri-apps/tauri/pull/5123/commits/1f9b9e8d26a2c915390323e161020bcb36d44678
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
References
- https://github.com/tauri-apps/tauri/security/advisories/GHSA-28m8-9j7v-x499
- https://github.com/tauri-apps/tauri/issues/4882
- https://github.com/tauri-apps/tauri/pull/5123
- https://github.com/tauri-apps/tauri/pull/5123/commits/1f9b9e8d26a2c915390323e161020bcb36d44678
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.