CVE-2022-39215
Tauri is a framework for building binaries for desktop platforms. It uses `readDir` to canonicalize its results, which can lead to cross-platform directory listings.
An easy way to fix this is to upgrade to a newer version. The alternative is a recommended workaround only: to prevent this type of attack, avoid symlinks and junctions in paths that are allowed to be accessed.
A malicious user could have created a path like `/etc/passwd` that is allowed in the `tauri.conf.json` but is actually a symbolic link inside the `/etc/passwd` path that is not allowed by the `tauri.conf.json`. This can easily be prevented by not allowing the `readDir` endpoint to access any paths that are symlinks or junctions.
A user could also have created a path like `/etc/passwd` that is not allowed in the `tauri.conf.json` but could be a symbolic link inside a path that is allowed in the `tauri.conf.json`. This can easily be prevented by not allowing the `readDir` endpoint to access any paths that are symbolic links.
Symlinks and Junctions
A malicious user could cause Tauri to crash or malfunction by creating a path like /etc/passwd that is allowed in the `tauri.conf.json`, but would actually be a symbolic link inside the `/etc/passwd` path that is not allowed by the `tauri.conf.json`. This can easily be prevented by not allowing any paths that are symlinks or junctions to be accessed by the `readDir` endpoint.
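The check described above, as an added example that is not Tauri's code or the code from the referenced fix: a recursive listing that resolves every entry and drops anything whose real location leaves the allowed root. The function names and the single-root scope are assumptions made for illustration.

```rust
use std::fs;
use std::io;
use std::path::{Path, PathBuf};

/// List `dir` recursively, keeping only entries whose resolved path stays
/// inside `scope_root`. Hypothetical helper for illustration, not a Tauri API.
pub fn list_within_scope(scope_root: &Path, dir: &Path) -> io::Result<Vec<PathBuf>> {
    let root = fs::canonicalize(scope_root)?;
    let start = fs::canonicalize(dir)?;
    if !start.starts_with(&root) {
        return Err(io::Error::new(io::ErrorKind::PermissionDenied, "outside scope"));
    }
    let mut out = Vec::new();
    walk(&root, &start, &mut out)?;
    out.sort();
    Ok(out)
}

// `dir` must already be canonical; `walk` only recurses with canonical paths.
fn walk(root: &Path, dir: &Path, out: &mut Vec<PathBuf>) -> io::Result<()> {
    for entry in fs::read_dir(dir)? {
        let path = entry?.path();
        // Resolve symlinks/junctions; a dangling link cannot be checked, so skip it.
        let real = match fs::canonicalize(&path) {
            Ok(p) => p,
            Err(_) => continue,
        };
        if !real.starts_with(root) {
            continue; // resolves outside the scope: do not list, do not descend
        }
        out.push(path.clone());
        // real != path means the entry is a link: list it, never walk through it.
        if real == path && real.is_dir() {
            walk(root, &real, out)?;
        }
    }
    Ok(())
}

fn main() -> io::Result<()> {
    // Usage: <program> <scope_root> [dir]; both default to the current directory.
    let args: Vec<String> = std::env::args().collect();
    let root = PathBuf::from(args.get(1).map(String::as_str).unwrap_or("."));
    let dir = args.get(2).map(PathBuf::from).unwrap_or_else(|| root.clone());
    for p in list_within_scope(&root, &dir)? {
        println!("{}", p.display());
    }
    Ok(())
}
```

The comparison is made on resolved paths at listing time, so a link that is swapped after the check is not covered by this sketch.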
Timeline
Published on: 09/15/2022 22:15:00 UTC
Last modified on: 09/21/2022 06:12:00 UTC
References
- https://github.com/tauri-apps/tauri/issues/4882
- https://github.com/tauri-apps/tauri/security/advisories/GHSA-28m8-9j7v-x499
- https://github.com/tauri-apps/tauri/pull/5123
- https://github.com/tauri-apps/tauri/pull/5123/commits/1f9b9e8d26a2c915390323e161020bcb36d44678
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39215