
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0

Tauri is a framework for building binaries for all major desktop platforms. Remote-origin iframes in Tauri applications can access the Tauri IPC endpoints without being explicitly allowed in `dangerousRemoteDomainIpcAccess` (v1) or in the `capabilities` configuration (v2). Valid commands with potentially unwanted consequences ("delete project", "transfer credits", etc.) could be invoked by an attacker who controls the content of an iframe running inside a Tauri app. This vulnerability has been patched in versions 1.6.7 and 2.0.0-beta.19. • https://github.com/tauri-apps/tauri/issues/8316 https://github.com/tauri-apps/tauri/security/advisories/GHSA-57fm-592m-34r7 • CWE-284: Improper Access Control •

CVSS: 8.4EPSS: 0%CPEs: 16EXPL: 0

Tauri is a framework for building binaries for all major desktop platforms. This advisory does not describe a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could leak the updater private key and its password into bundled Tauri applications that use the Vite frontend in a specific configuration. The Tauri documentation used an insecure example configuration in the `Vite guide` to showcase how to use Tauri together with Vite. Copying the snippet `envPrefix: ['VITE_', 'TAURI_'],` from this guide into the `vite.config.ts` of a Tauri project causes `TAURI_PRIVATE_KEY` and `TAURI_KEY_PASSWORD` to be bundled into the Vite frontend code and therefore shipped inside the released Tauri application. Projects using `envPrefix: ['VITE_'],`, or any framework other than Vite, are not impacted by this advisory. • https://github.com/tauri-apps/tauri/security/advisories/GHSA-2rcp-jvr4-r259 https://tauri.app/v1/guides/getting-started/setup/vite • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
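The following TypeScript is an added example, not code from Tauri, Vite or the Tauri docs. It models the `envPrefix` rule (every variable whose name starts with a listed prefix is exposed to client code), shows the advisory's snippet beside a safe prefix list, and adds a post-build check that scans emitted JavaScript for the secret values. The environment variables, their placeholder values and the bundle fragments are constructed for the example; the narrow-prefix variant (`TAURI_PLATFORM`) is one mitigation for frontends that need build-target information and is an assumption here, not a quote of the updated guide.

```typescript
type Env = Record<string, string>;

// Constructed CI build environment. The key and password are placeholders.
const buildEnv: Env = {
  VITE_API_URL: "https://api.example.invalid",
  TAURI_PLATFORM: "linux",
  TAURI_PRIVATE_KEY: "EXAMPLE-UPDATER-PRIVATE-KEY-DO-NOT-USE",
  TAURI_KEY_PASSWORD: "example-password",
  HOME: "/home/ci",
};

// The snippet the advisory warns about:   envPrefix: ['VITE_', 'TAURI_'],
const unsafePrefixes = ["VITE_", "TAURI_"];
// Safe form from the advisory:            envPrefix: ['VITE_'],
const safePrefixes = ["VITE_"];
// Assumed narrower variant if the frontend really needs e.g. TAURI_PLATFORM:
// list the exact variable name instead of the whole TAURI_ namespace.
const narrowPrefixes = ["VITE_", "TAURI_PLATFORM"];

// Model of Vite's envPrefix filtering: names starting with any prefix become
// import.meta.env.<NAME> and are inlined into the client bundle.
function exposedEnv(env: Env, prefixes: string[]): Env {
  const out: Env = {};
  for (const [name, value] of Object.entries(env)) {
    if (prefixes.some((p) => name.startsWith(p))) out[name] = value;
  }
  return out;
}

// Variables that must never reach the frontend bundle.
const SECRET_NAMES = ["TAURI_PRIVATE_KEY", "TAURI_KEY_PASSWORD"];

// Pre-build check: which secrets would a given prefix list expose?
function leakedSecrets(env: Env, prefixes: string[]): string[] {
  const exposed = exposedEnv(env, prefixes);
  return SECRET_NAMES.filter((n) => n in exposed);
}

// Post-build check: look for the secret *values* in the emitted JS, since
// that is what Vite inlines. Run this over dist/**/*.js before signing.
function bundleContainsSecret(bundleText: string, env: Env): string[] {
  return SECRET_NAMES.filter(
    (n) => env[n] !== undefined && bundleText.includes(env[n]),
  );
}

// Constructed fragments standing in for Vite's minified output.
const leakyBundle =
  'const e={VITE_API_URL:"https://api.example.invalid",' +
  'TAURI_PRIVATE_KEY:"EXAMPLE-UPDATER-PRIVATE-KEY-DO-NOT-USE",' +
  'TAURI_KEY_PASSWORD:"example-password"};';
const safeBundle = 'const e={VITE_API_URL:"https://api.example.invalid"};';

// Stand-alone run: report what each prefix list would leak.
for (const [label, prefixes] of [
  ["unsafe", unsafePrefixes],
  ["safe", safePrefixes],
  ["narrow", narrowPrefixes],
] as const) {
  console.log(label, "leaks:", leakedSecrets(buildEnv, prefixes));
}
console.log("leaky bundle:", bundleContainsSecret(leakyBundle, buildEnv));
console.log("safe bundle:", bundleContainsSecret(safeBundle, buildEnv));
```

To use the post-build check on a real project, read each file under `dist/` with `fs.readFileSync` and pass its contents to `bundleContainsSecret` together with `process.env`; a non-empty result should fail the release pipeline before the updater signature is produced.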

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

Tauri is a framework for building binaries for all major desktop platforms. The 1.4.0 release includes a regression in the filesystem scope check for dotfiles on Unix. Previously, dotfiles were not implicitly allowed by glob wildcard scopes (e.g. `$HOME/*`), but a regression was introduced when a configuration option for this behavior was implemented. Only Tauri applications using wildcard scopes in the `fs` endpoint are affected. • https://github.com/tauri-apps/tauri/commit/066c09a6ea06f42f550d090715e06beb65cd5564 https://github.com/tauri-apps/tauri/pull/6969#discussion_r1232018347 https://github.com/tauri-apps/tauri/pull/7227 https://github.com/tauri-apps/tauri/security/advisories/GHSA-wmff-grcw-jcfm • CWE-285: Improper Authorization •

CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0

Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing Tauri window to an external website. This is possible either because the application implements a feature that lets users visit arbitrary websites, or because of a bug that allows an open redirect. The external website then gains access to the IPC layer and therefore to all configured and exposed Tauri API endpoints and application-specific Tauri commands. This issue has been patched in versions 1.0.9, 1.1.4, and 1.2.5. • https://github.com/tauri-apps/tauri/releases/tag/tauri-v1.0.9 https://github.com/tauri-apps/tauri/releases/tag/tauri-v1.1.4 https://github.com/tauri-apps/tauri/releases/tag/tauri-v1.2.5 https://github.com/tauri-apps/tauri/security/advisories/GHSA-4wm2-cwcf-wwvp https://www.github.com/tauri-apps/tauri/commit/58ea0b45268dbd46cbac0ebb0887353d057ca767 https://www.github.com/tauri-apps/tauri/commit/fa90214b052b1a5d38d54fbf1ca422b4c37cfd1f • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 7.7EPSS: 0%CPEs: 5EXPL: 1

Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards `*`, `?`, and `[...]` match path separators and leading dots by default, which unintentionally exposes subfolder content (and dotfiles) under allowed paths: a scope such as `$HOME/*` also matches files in subdirectories of `$HOME`. Scopes without wildcards are not affected. Since `**` is meant to include subdirectories, its behavior is as expected. • https://github.com/tauri-apps/tauri/commit/72389b00d7b495ffd7750eb1e75a3b8537d07cf3 https://github.com/tauri-apps/tauri/commit/f0602e7c294245ab6ef6fbf2a976ef398340ef58 https://github.com/tauri-apps/tauri/security/advisories/GHSA-6mv3-wm7j-h4w5 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •