CVE-2024-34069

Werkzeug's improper usage of a pathname and improper CSRF protection results in the remote command execution

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger. This vulnerability is fixed in 3.0.3.

Werkzeug es una librería completa de aplicaciones web WSGI. El depurador de las versiones afectadas de Werkzeug puede permitir que un atacante ejecute código en la máquina de un desarrollador en algunas circunstancias. Esto requiere que el atacante consiga que el desarrollador interactúe con un dominio y subdominio que controla e ingrese el PIN del depurador, pero si tiene éxito, permite el acceso al depurador incluso si solo se está ejecutando en localhost. Esto también requiere que el atacante adivine una URL en la aplicación del desarrollador que activará el depurador. Esta vulnerabilidad se solucionó en 3.0.3.

A flaw was found in Werkzeug, where an attacker may be able to execute code on a developer's machine under some circumstances. This issue requires the attacker to get the developer to interact with a domain and subdomain they control and enter the debugger PIN; if they are successful, it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger.

*Credits: N/A

CVSS Scores

GitHubv3.1 7.5

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-04-30 CVE Reserved
2024-05-06 CVE Published
2024-06-11 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-352: Cross-Site Request Forgery (CSRF)

CAPEC

References (7)

URL	Tag	Source
https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692	X_refsource_misc
https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985	X_refsource_confirm
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4SH32AM3CTPMAAEOIDAN7VU565LO4IR
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ
https://security.netapp.com/advisory/ntap-20240614-0004

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-34069	2024-09-05
https://bugzilla.redhat.com/show_bug.cgi?id=2279451	2024-09-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Pallets Search vendor "Pallets"		Werkzeug Search vendor "Pallets" for product "Werkzeug"				< 3.0.3 Search vendor "Pallets" for product "Werkzeug" and version " < 3.0.3"		en		Affected