CVE-2023-7079 MEDIUM

CVE-2023-7079: Arbitrary remote file read in Wrangler dev server

Vendor: Cloudflare
Product: wrangler
Weakness: CWE-287 · Improper authentication
Published: December 29, 2023
Last update: August 2, 2024

CVSS base score

6.4/10
Attack vector: Adjacent
Attack complexity: High
Privileges required: None
User interaction: Required
Confidentiality: High
Integrity: Low

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

What the vulnerability does

01 Description

Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file.

Key dates

02 Disclosure timeline

December 29, 2023: CVE published
August 2, 2024: Record updated