Main Vulnerability Database SB2022091616

SB2022091616 - Information disclosure in Tauri

Published: September 16, 2022

Security Bulletin ID SB2022091616

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2022-39215)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to missing canonicalization when "readDir" is called recursively. A remote attacker can use a specially crafted symbolic link and gain unauthorized access to sensitive information on the system.

Remediation

Install update from vendor's website.

References

https://github.com/tauri-apps/tauri/issues/4882
https://github.com/tauri-apps/tauri/security/advisories/GHSA-28m8-9j7v-x499
https://github.com/tauri-apps/tauri/pull/5123
https://github.com/tauri-apps/tauri/pull/5123/commits/1f9b9e8d26a2c915390323e161020bcb36d44678