Plattform
nuxt
Komponente
nuxt
Behoben in
1.3.10
CVE-2024-23657 describes a Path Traversal vulnerability discovered in Nuxt Devtools, a debugging and development tool for Nuxt.js applications. This flaw allows attackers to potentially exfiltrate sensitive data and, in certain configurations, achieve Remote Code Execution (RCE). The vulnerability affects versions of Nuxt Devtools up to and including 1.3.9, with a fix available in version 1.3.9.
The core of the vulnerability lies in the getTextAssetContent RPC function within Nuxt Devtools. This function lacks proper authentication and Origin checks, allowing an attacker to bypass security measures and access arbitrary files on the system where the devtools instance is running. An attacker could leverage this to read configuration files, source code, or other sensitive data. The potential for RCE arises if the attacker can also obtain the devtools authentication token, granting them access to other RPC functions with elevated privileges. This could enable the execution of malicious code on the target system, leading to a complete compromise.
CVE-2024-23657 was publicly disclosed on August 5, 2024. There is currently no indication of active exploitation in the wild, but the availability of a public proof-of-concept could change this rapidly. The vulnerability is not currently listed on the CISA KEV catalog. The ease of exploitation, combined with the potential for RCE, warrants careful attention and prompt remediation.
Development teams using Nuxt.js and relying on Nuxt Devtools for debugging and development are at risk. Specifically, those using older versions of Nuxt Devtools (≤ 1.3.9) and those with development environments exposed to untrusted networks are particularly vulnerable. Shared hosting environments where multiple developers share a single Nuxt Devtools instance also present an increased risk.
• nuxt: Examine WebSocket traffic for requests to the getTextAssetContent endpoint without proper authentication.
# Example using tcpdump (adjust interface and filter as needed)
tcpdump -i any -s 0 'tcp port 8080 and "getTextAssetContent"'• generic web: Monitor access logs for unusual file requests originating from the devtools WebSocket handler.
grep -i 'GET /_nuxt/devtools/getTextAssetContent' access.log• generic web: Check response headers for unexpected content types or error codes when accessing the getTextAssetContent endpoint.
• generic web: Inspect the Nuxt Devtools configuration for any exposed or insecure settings.
disclosure
Exploit-Status
EPSS
1.62% (82% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2024-23657 is to immediately upgrade Nuxt Devtools to version 1.3.9 or later. If upgrading is not immediately feasible, consider isolating the devtools instance from external network access to limit the attack surface. Implement strict firewall rules to restrict access to the WebSocket handler. While not a direct fix, monitoring network traffic for unusual requests to the getTextAssetContent endpoint can provide early detection of potential exploitation attempts. After upgrading, verify the fix by attempting to access a file outside of the intended directory via the getTextAssetContent RPC function; access should be denied.
Actualice Nuxt Devtools a la versión 1.3.9 o superior. Esta versión corrige la vulnerabilidad de path traversal y la falta de validación del origen en el WebSocket. La actualización evitará que atacantes remotos accedan a archivos arbitrarios y potencialmente ejecuten código en su sistema.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2024-23657 is a Path Traversal vulnerability affecting Nuxt Devtools versions up to 1.3.9. It allows attackers to potentially access sensitive files and, in some cases, achieve RCE.
You are affected if you are using Nuxt Devtools version 1.3.9 or earlier. Upgrade to version 1.3.9 or later to mitigate the vulnerability.
The recommended fix is to upgrade Nuxt Devtools to version 1.3.9 or later. As a temporary workaround, implement a WAF or proxy to filter requests to the vulnerable endpoint.
Currently, there are no confirmed reports of active exploitation, but the vulnerability's ease of exploitation makes it a potential target.
Refer to the official Nuxt Devtools release notes and security advisories on the Nuxt website for the latest information.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.