CVE-2023-34092
Vulnerability from cvelistv5
Published
2023-06-01 16:29
Modified
2024-08-02 16:01
Severity ?
EPSS score ?
Summary
Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, Vite Server Options (`server.fs.deny`) can be bypassed using double forward-slash (//) allows any unauthenticated user to read file from the Vite root-path of the application including the default `fs.deny` settings (`['.env', '.env.*', '*.{crt,pem}']`). Only users explicitly exposing the Vite dev server to the network (using `--host` or `server.host` config option) are affected, and only files in the immediate Vite project root folder could be exposed. This issue is fixed in vite@4.3.9, vite@4.2.3, vite@4.1.5, vite@4.0.5, vite@3.2.7, and vite@2.9.16.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:01:53.638Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/vitejs/vite/security/advisories/GHSA-353f-5xf4-qw67", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/vitejs/vite/security/advisories/GHSA-353f-5xf4-qw67" }, { "name": "https://github.com/vitejs/vite/pull/13348", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/vitejs/vite/pull/13348" }, { "name": "https://github.com/vitejs/vite/commit/813ddd6155c3d54801e264ba832d8347f6f66b32", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/vitejs/vite/commit/813ddd6155c3d54801e264ba832d8347f6f66b32" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vite", "vendor": "vitejs", "versions": [ { "status": "affected", "version": "\u003c 2.9.16" }, { "status": "affected", "version": "\u003e= 3.0.2, \u003c 3.2.7" }, { "status": "affected", "version": "\u003e= 4.0.0, \u003c 4.0.5" }, { "status": "affected", "version": "\u003e= 4.1.0, \u003c 4.1.5" }, { "status": "affected", "version": "\u003e= 4.2.0, \u003c 4.2.3" }, { "status": "affected", "version": "\u003e= 4.3.0, \u003c 4.3.9" } ] } ], "descriptions": [ { "lang": "en", "value": "Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, Vite Server Options (`server.fs.deny`) can be bypassed using double forward-slash (//) allows any unauthenticated user to read file from the Vite root-path of the application including the default `fs.deny` settings (`[\u0027.env\u0027, \u0027.env.*\u0027, \u0027*.{crt,pem}\u0027]`). Only users explicitly exposing the Vite dev server to the network (using `--host` or `server.host` config option) are affected, and only files in the immediate Vite project root folder could be exposed. This issue is fixed in vite@4.3.9, vite@4.2.3, vite@4.1.5, vite@4.0.5, vite@3.2.7, and vite@2.9.16." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-50", "description": "CWE-50: Path Equivalence: \u0027//multiple/leading/slash\u0027", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-01T16:29:51.428Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/vitejs/vite/security/advisories/GHSA-353f-5xf4-qw67", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/vitejs/vite/security/advisories/GHSA-353f-5xf4-qw67" }, { "name": "https://github.com/vitejs/vite/pull/13348", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/vitejs/vite/pull/13348" }, { "name": "https://github.com/vitejs/vite/commit/813ddd6155c3d54801e264ba832d8347f6f66b32", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/vitejs/vite/commit/813ddd6155c3d54801e264ba832d8347f6f66b32" } ], "source": { "advisory": "GHSA-353f-5xf4-qw67", "discovery": "UNKNOWN" }, "title": "Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-34092", "datePublished": "2023-06-01T16:29:51.428Z", "dateReserved": "2023-05-25T21:56:51.244Z", "dateUpdated": "2024-08-02T16:01:53.638Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-34092\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-06-01T17:15:10.947\",\"lastModified\":\"2024-11-21T08:06:31.573\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, Vite Server Options (`server.fs.deny`) can be bypassed using double forward-slash (//) allows any unauthenticated user to read file from the Vite root-path of the application including the default `fs.deny` settings (`[\u0027.env\u0027, \u0027.env.*\u0027, \u0027*.{crt,pem}\u0027]`). Only users explicitly exposing the Vite dev server to the network (using `--host` or `server.host` config option) are affected, and only files in the immediate Vite project root folder could be exposed. This issue is fixed in vite@4.3.9, vite@4.2.3, vite@4.1.5, vite@4.0.5, vite@3.2.7, and vite@2.9.16.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-50\"},{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-706\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"3.0.2\",\"versionEndExcluding\":\"3.2.7\",\"matchCriteriaId\":\"81E9D1EB-AFE2-43D9-A781-282140779EBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndExcluding\":\"4.0.5\",\"matchCriteriaId\":\"9A9DC92A-6C2A-48BC-B6B2-365E1589131F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"4.1.0\",\"versionEndExcluding\":\"4.1.5\",\"matchCriteriaId\":\"3885C89E-1319-458B-9497-95485DD45953\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"4.2.0\",\"versionEndExcluding\":\"4.2.3\",\"matchCriteriaId\":\"B0F04F02-C6BA-4BFB-ACD6-96CBF811BB5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vitejs:vite:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"4.3.0\",\"versionEndExcluding\":\"4.3.9\",\"matchCriteriaId\":\"3628D78A-7E86-490F-961F-9C3F538FBCEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vitejs:vite:2.9.15:*:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"25EB63DE-73B0-4901-959E-FFF4FAD2CDE5\"}]}]}],\"references\":[{\"url\":\"https://github.com/vitejs/vite/commit/813ddd6155c3d54801e264ba832d8347f6f66b32\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/vitejs/vite/pull/13348\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/vitejs/vite/security/advisories/GHSA-353f-5xf4-qw67\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/vitejs/vite/commit/813ddd6155c3d54801e264ba832d8347f6f66b32\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/vitejs/vite/pull/13348\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/vitejs/vite/security/advisories/GHSA-353f-5xf4-qw67\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.