Path Traversal: '../filedir' (CWE-24)
Nuxt Devtools, a component of the Nuxt framework for creating full-stack web applications with Vue.js, contains a vulnerability in the `getTextAssetContent` RPC function. This function lacks proper authentication and is susceptible to path traversal attacks. When combined with the absence of Origin checks on the WebSocket handler, an attacker can interact with a locally running devtools instance and exfiltrate data. In certain configurations, this vulnerability could lead to the leakage of devtools authentication tokens, potentially enabling remote code execution (RCE) through abuse of other RPC functions.
The impact of this vulnerability is severe, with potential consequences including:
1. Unauthorized access to sensitive files through arbitrary file read capabilities.
2. Potential system compromise via remote code execution in certain configurations.
3. Data exfiltration from affected systems.
4. Compromise of authentication tokens, leading to further system access.
The vulnerability has a CVSS v3 base score of 8.8 (High). It has a network-based attack vector and requires low attack complexity and no privileges, although user interaction is necessary. This high severity score suggests that exploitation could lead to significant damage to affected systems and data.
One proof-of-concept exploit is available on github.com. There is no evidence of exploitation at the moment.
A patch is available. The vulnerability has been addressed in Nuxt Devtools version 1.3.9. All users are strongly advised to upgrade to this version or later. The fix was released on 2024-08-05, as indicated by the GitHub Advisory (GHSA-rcvg-rgf7-pppv).
1. Immediate Action: Update to Nuxt Devtools version 1.3.9 or later as soon as possible.
2. Temporary Measure: If immediate patching is not feasible, consider disabling devtools in production environments.
3. Access Control: Implement strict network segmentation and access controls to limit potential attack vectors.
4. Monitoring: Enhance system monitoring for suspicious file access or unexpected code execution.
5. Configuration Review: Conduct a thorough audit of Nuxt configurations to identify and address any potentially vulnerable setups.
6. Developer Education: Train development teams on the risks of path traversal vulnerabilities and secure coding practices.
7. Vulnerability Scanning: Regularly scan systems using tools like Qualys (which has detection capabilities for this CVE) to identify and address vulnerabilities promptly.
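The description above names two missing checks: path containment on the file-read RPC and Origin validation on the WebSocket handshake. Both are sketched here as an added defensive example for Node.js; it is not the Nuxt Devtools patch or code from the advisory, and `isAllowedOrigin`, `resolveInsideRoot`, `LOCAL_HOSTS` and the sample paths are hypothetical.

```javascript
// Added example: defensive checks only. All names are hypothetical; this is
// not the Nuxt Devtools fix.
const path = require('node:path');

// Hosts the local dev UI is expected to be loaded from (assumption).
const LOCAL_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);

// Gate for the WebSocket upgrade: browsers attach an Origin header to the
// handshake, so a page on another site connecting to the local port is
// refused here. Non-browser clients that send no Origin are refused too.
function isAllowedOrigin(originHeader) {
  if (typeof originHeader !== 'string') return false;
  let url;
  try {
    url = new URL(originHeader);
  } catch {
    return false; // malformed value or the opaque origin "null"
  }
  const web = url.protocol === 'http:' || url.protocol === 'https:';
  return web && LOCAL_HOSTS.has(url.hostname);
}

// Gate for a file-read RPC: resolve the client-supplied path against rootDir
// and return it only if the result is still inside rootDir, else null.
// Where symlinks can exist under rootDir, compare fs.realpath() results instead.
function resolveInsideRoot(rootDir, requested) {
  if (typeof requested !== 'string' || requested.includes('\0')) return null;
  const root = path.resolve(rootDir);
  const target = path.resolve(root, requested);
  const rel = path.relative(root, target);
  // '' is the root itself; '..' or '../x' escaped it; an absolute rel means
  // a different drive on Windows. A prefix test on strings would wrongly
  // accept a sibling such as /srv/app/public-secrets.
  const escaped = rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  return rel === '' || escaped ? null : target;
}

// Constructed sample inputs.
const ROOT = '/srv/app/public';
for (const p of ['img/logo.svg', '../filedir', '/etc/passwd', '../public-secrets/key']) {
  console.log(JSON.stringify(p), '->', resolveInsideRoot(ROOT, p));
}
for (const o of ['http://localhost:3000', 'https://attacker.example', 'null']) {
  console.log(o, '->', isAllowedOrigin(o));
}
```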
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Detection for the vulnerability has been added to Qualys (5000648)
A CVSS base score of 8.8 has been assigned.
Feedly found the first article mentioning CVE-2024-23657.
Feedly estimated the CVSS score as HIGH
NVD published the first details for CVE-2024-23657
EPSS Score was set to: 0.04% (Percentile: 10.8%)