CVE-2023-7078 - OpenCVE

Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Cloudflare	Miniflare

Configuration 1 [-]

cpe:2.3:a:cloudflare:miniflare:*:*:*:*:*:node.js:*:*

References

Link	Resource
https://github.com/cloudflare/workers-sdk/pull/4532	Patch
https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7	Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cloudflare

Published: 2023-12-29T11:53:06.669Z

Updated: 2023-12-29T12:09:03.496Z

Reserved: 2023-12-22T09:58:30.164Z

Link: CVE-2023-7078

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-29T12:15:47.537

Modified: 2024-01-05T18:12:41.400

Link: CVE-2023-7078

JSON object: View

Redhat Information

No data.

CWE

CWE-918

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-7078", "assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "state": "PUBLISHED", "assignerShortName": "cloudflare", "dateReserved": "2023-12-22T09:58:30.164Z", "datePublished": "2023-12-29T11:53:06.669Z", "dateUpdated": "2023-12-29T12:09:03.496Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "miniflare", "platforms": ["Windows", "MacOS", "Linux"], "product": "miniflare", "repo": "https://github.com/cloudflare/workers-sdk", "vendor": "Cloudflare", "versions": [{"changes": [{"at": "3.20231030.2", "status": "unaffected"}], "lessThanOrEqual": "<=3.20230821.0", "status": "affected", "version": "0", "versionType": "patch"}, {"changes": [{"at": "3.20231030.2", "status": "unaffected"}], "lessThan": "3.20231030.2", "status": "affected", "version": "0", "versionType": "patch"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": " Peter Wu (Lekensteyn)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in <code>wrangler</code> until <code>3.19.0</code>), an attacker on the local network could access other local servers.</p>"}], "value": "Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler\u00a0until 3.19.0), an attacker on the local network could access other local servers.\n\n"}], "impacts": [{"capecId": "CAPEC-664", "descriptions": [{"lang": "en", "value": "CAPEC-664 Server Side Request Forgery"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "shortName": "cloudflare", "dateUpdated": "2023-12-29T12:09:03.496Z"}, "references": [{"url": "https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7"}, {"url": "https://github.com/cloudflare/workers-sdk/pull/4532"}], "source": {"discovery": "INTERNAL"}, "title": "Server-Side Request Forgery (SSRF) in Miniflare", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Ensure Miniflare is configured to listen on just local interfaces. This is the default behaviour, but can also be configured with the <tt>host: \"127.0.0.1\"</tt> option."}], "value": "Ensure Miniflare is configured to listen on just local interfaces. This is the default behaviour, but can also be configured with the host: \"127.0.0.1\" option."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudflare:miniflare:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "67511B20-A2DE-4225-9355-59DADBDC39C2", "versionEndExcluding": "3.20231030.2", "versionStartIncluding": "3.20230821.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler\u00a0until 3.19.0), an attacker on the local network could access other local servers.\n\n"}, {"lang": "es", "value": "El env\u00edo de solicitudes HTTP especialmente manipuladas al Miniflare's server podr\u00eda dar como resultado el env\u00edo de solicitudes HTTP y WebSocket arbitrarias desde el servidor. Si Miniflare estaba configurado para escuchar en interfaces de red externas (como era el valor predeterminado en Wrangler hasta 3.19.0), un atacante en la red local podr\u00eda acceder a otros servidores locales."}], "id": "CVE-2023-7078", "lastModified": "2024-01-05T18:12:41.400", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.8, "source": "cna@cloudflare.com", "type": "Secondary"}]}, "published": "2023-12-29T12:15:47.537", "references": [{"source": "cna@cloudflare.com", "tags": ["Patch"], "url": "https://github.com/cloudflare/workers-sdk/pull/4532"}, {"source": "cna@cloudflare.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7"}], "sourceIdentifier": "cna@cloudflare.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-918"}], "source": "cna@cloudflare.com", "type": "Secondary"}]}