Nuxt Devtools Vulnerability Allows Path Traversal and RCE
CVE-2024-23657

8.8 HIGH

Key Information:

Vendor: Nuxt
Status
Vendor
CVE Published: 5 August 2024

Summary

Nuxt Devtools, part of the Nuxt ecosystem for developing web applications with Vue.js, is vulnerable because its RPC functions lack sufficient authentication and input checks. The getTextAssetContent function does not validate paths against traversal, so an attacker can read arbitrary files over the RPC WebSocket. The WebSocket server also performs no Origin checks, which permits cross-site WebSocket hijacking and unauthorized access. Together, these flaws let an attacker interact with a local devtools instance, potentially exfiltrate sensitive data, and use obtained authentication tokens to achieve remote code execution. Users are strongly advised to upgrade to version 1.3.9, which addresses these issues; no workarounds are available.
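The two missing checks named in the summary, sketched as an added example for reviewing similar local dev servers; this is not the Nuxt Devtools patch or code from the project. The function names, `ASSET_ROOT` and `ALLOWED_ORIGINS` are hypothetical, and the sample values are constructed.

```javascript
// Added illustration, not the Nuxt Devtools fix. All names are hypothetical.
const path = require("node:path");

// Constructed sample configuration for a local dev server.
const ASSET_ROOT = "/srv/app/public";
const ALLOWED_ORIGINS = ["http://localhost:3000"];

// Path containment: resolve the client-supplied path against the asset root
// and refuse anything that ends up outside it (relative "../" climbs,
// absolute paths, embedded NUL bytes). Symlinks are NOT covered here; a real
// server would also compare fs.realpath() results before reading.
function resolveInsideRoot(root, requested) {
  if (typeof requested !== "string" || requested.includes("\0")) return null;
  const base = path.resolve(root);
  const target = path.resolve(base, requested);
  const rel = path.relative(base, target);
  const escapes = rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel);
  if (rel === "" || escapes) return null; // the root itself is not a file
  return target;
}

// Origin check for the WebSocket upgrade request: browsers always send an
// Origin header on cross-site WebSocket handshakes, so an exact-match
// allow-list blocks cross-site WebSocket hijacking. Requests without a
// parseable Origin are rejected too (strict policy, an assumption here).
function isAllowedOrigin(originHeader, allowedOrigins) {
  if (typeof originHeader !== "string") return false;
  let origin;
  try {
    origin = new URL(originHeader).origin;
  } catch {
    return false; // covers the literal "null" origin and malformed values
  }
  return origin !== "null" && allowedOrigins.includes(origin);
}

// Both gates applied to one RPC file-read request.
function authorizeAssetRead(originHeader, requestedPath) {
  if (!isAllowedOrigin(originHeader, ALLOWED_ORIGINS)) {
    return { ok: false, reason: "origin" };
  }
  const file = resolveInsideRoot(ASSET_ROOT, requestedPath);
  return file ? { ok: true, file } : { ok: false, reason: "path" };
}
```

Prefix matching on the raw string (`target.startsWith(root)`) is a common mistake that a sibling directory such as `/srv/app/public-old` defeats, which is why the check compares the relative path instead.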

Affected Version(s)

nuxt < 1.3.9

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
