CVE-2022-39215 - Vulnerability Details - OpenCVE

Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction folder inside an allowed path of the `fs` scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined `scope`. Users are advised to upgrade. Users unable to upgrade should disable the `readDir` endpoint in the `allowlist` inside the `tauri.conf.json`.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact partial

Vendors	Products
Tauri	Tauri

Configuration 1 [-]

cpe:2.3:a:tauri:tauri:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/tauri-apps/tauri/issues/4882
https://github.com/tauri-apps/tauri/pull/5123
https://github.com/tauri-apps/tauri/pull/5123/commits/1f9b9e8d26a2c915390323e161020bcb36d44678
https://github.com/tauri-apps/tauri/security/advisories/GHSA-28m8-9j7v-x499

History

Tue, 22 Apr 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-09-15T21:35:11.000Z

Updated: 2025-04-22T17:21:33.273Z

Reserved: 2022-09-02T00:00:00.000Z

Link: CVE-2022-39215

Vulnrichment

Updated: 2024-08-03T12:00:42.497Z

NVD

Status : Modified

Published: 2022-09-15T22:15:11.527

Modified: 2024-11-21T07:17:48.317

Link: CVE-2022-39215

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "tauri", "vendor": "tauri-apps", "versions": [{"status": "affected", "version": "< 1.0.6"}]}], "descriptions": [{"lang": "en", "value": "Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction folder inside an allowed path of the `fs` scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined `scope`. Users are advised to upgrade. Users unable to upgrade should disable the `readDir` endpoint in the `allowlist` inside the `tauri.conf.json`."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-15T21:35:11.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-28m8-9j7v-x499"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/tauri-apps/tauri/issues/4882"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/tauri-apps/tauri/pull/5123"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/tauri-apps/tauri/pull/5123/commits/1f9b9e8d26a2c915390323e161020bcb36d44678"}], "source": {"advisory": "GHSA-28m8-9j7v-x499", "discovery": "UNKNOWN"}, "title": "The readDir Endpoint Scope can be Bypassed With Symbolic Links in Tauri", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39215", "STATE": "PUBLIC", "TITLE": "The readDir Endpoint Scope can be Bypassed With Symbolic Links in Tauri"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "tauri", "version": {"version_data": [{"version_value": "< 1.0.6"}]}}]}, "vendor_name": "tauri-apps"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction folder inside an allowed path of the `fs` scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined `scope`. Users are advised to upgrade. Users unable to upgrade should disable the `readDir` endpoint in the `allowlist` inside the `tauri.conf.json`."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-28m8-9j7v-x499", "refsource": "CONFIRM", "url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-28m8-9j7v-x499"}, {"name": "https://github.com/tauri-apps/tauri/issues/4882", "refsource": "MISC", "url": "https://github.com/tauri-apps/tauri/issues/4882"}, {"name": "https://github.com/tauri-apps/tauri/pull/5123", "refsource": "MISC", "url": "https://github.com/tauri-apps/tauri/pull/5123"}, {"name": "https://github.com/tauri-apps/tauri/pull/5123/commits/1f9b9e8d26a2c915390323e161020bcb36d44678", "refsource": "MISC", "url": "https://github.com/tauri-apps/tauri/pull/5123/commits/1f9b9e8d26a2c915390323e161020bcb36d44678"}]}, "source": {"advisory": "GHSA-28m8-9j7v-x499", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:00:42.497Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-28m8-9j7v-x499"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/tauri-apps/tauri/issues/4882"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/tauri-apps/tauri/pull/5123"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/tauri-apps/tauri/pull/5123/commits/1f9b9e8d26a2c915390323e161020bcb36d44678"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-22T15:39:32.741893Z", "id": "CVE-2022-39215", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T17:21:33.273Z"}}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-39215", "datePublished": "2022-09-15T21:35:11.000Z", "dateReserved": "2022-09-02T00:00:00.000Z", "dateUpdated": "2025-04-22T17:21:33.273Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-28m8-9j7v-x499", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/tauri-apps/tauri/issues/4882", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/tauri-apps/tauri/pull/5123", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/tauri-apps/tauri/pull/5123/commits/1f9b9e8d26a2c915390323e161020bcb36d44678", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:00:42.497Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-39215", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-22T15:39:32.741893Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T15:39:34.025Z"}}], "cna": {"title": "The readDir Endpoint Scope can be Bypassed With Symbolic Links in Tauri", "source": {"advisory": "GHSA-28m8-9j7v-x499", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "tauri-apps", "product": "tauri", "versions": [{"status": "affected", "version": "< 1.0.6"}]}], "references": [{"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-28m8-9j7v-x499", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/tauri-apps/tauri/issues/4882", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/tauri-apps/tauri/pull/5123", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/tauri-apps/tauri/pull/5123/commits/1f9b9e8d26a2c915390323e161020bcb36d44678", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction folder inside an allowed path of the `fs` scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined `scope`. Users are advised to upgrade. Users unable to upgrade should disable the `readDir` endpoint in the `allowlist` inside the `tauri.conf.json`."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-09-15T21:35:11.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, "source": {"advisory": "GHSA-28m8-9j7v-x499", "discovery": "UNKNOWN"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "< 1.0.6"}]}, "product_name": "tauri"}]}, "vendor_name": "tauri-apps"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-28m8-9j7v-x499", "name": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-28m8-9j7v-x499", "refsource": "CONFIRM"}, {"url": "https://github.com/tauri-apps/tauri/issues/4882", "name": "https://github.com/tauri-apps/tauri/issues/4882", "refsource": "MISC"}, {"url": "https://github.com/tauri-apps/tauri/pull/5123", "name": "https://github.com/tauri-apps/tauri/pull/5123", "refsource": "MISC"}, {"url": "https://github.com/tauri-apps/tauri/pull/5123/commits/1f9b9e8d26a2c915390323e161020bcb36d44678", "name": "https://github.com/tauri-apps/tauri/pull/5123/commits/1f9b9e8d26a2c915390323e161020bcb36d44678", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction folder inside an allowed path of the `fs` scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined `scope`. Users are advised to upgrade. Users unable to upgrade should disable the `readDir` endpoint in the `allowlist` inside the `tauri.conf.json`."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-39215", "STATE": "PUBLIC", "TITLE": "The readDir Endpoint Scope can be Bypassed With Symbolic Links in Tauri", "ASSIGNER": "security-advisories@github.com"}}}}, "cveMetadata": {"cveId": "CVE-2022-39215", "state": "PUBLISHED", "dateUpdated": "2025-04-22T17:21:33.273Z", "dateReserved": "2022-09-02T00:00:00.000Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2022-09-15T21:35:11.000Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tauri:tauri:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE5A2510-1D82-4D06-BFDC-08FA3942EDC8", "versionEndExcluding": "1.0.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction folder inside an allowed path of the `fs` scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined `scope`. Users are advised to upgrade. Users unable to upgrade should disable the `readDir` endpoint in the `allowlist` inside the `tauri.conf.json`."}, {"lang": "es", "value": "Tauri es un framework para construir binarios para las principales plataformas de escritorio. Debido a una falta de canonizaci\u00f3n cuando es llamada recursivamente a \"readDir\", era posible mostrar listados de directorios fuera del \u00e1mbito definido de \"fs\". Esto requer\u00eda un enlace simb\u00f3lico dise\u00f1ado o una carpeta de uni\u00f3n dentro de una ruta permitida del \u00e1mbito \"fs\". No se pod\u00eda filtrar contenido de archivos arbitrarios. El problema ha sido resuelto en versi\u00f3n 1.0.6 y la implementaci\u00f3n ahora comprueba apropiadamente si el (sub)directorio solicitado es un enlace simb\u00f3lico fuera del \u00e1mbito definido. Es recomendado a usuarios actualizar. Los usuarios que no puedan actualizarse deber\u00e1n deshabilitar el endpoint \"readDir\" en \"allowlist\" dentro de \"tauri.conf.json\""}], "id": "CVE-2022-39215", "lastModified": "2024-11-21T07:17:48.317", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.7, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-15T22:15:11.527", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/tauri-apps/tauri/issues/4882"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/tauri-apps/tauri/pull/5123"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/tauri-apps/tauri/pull/5123/commits/1f9b9e8d26a2c915390323e161020bcb36d44678"}, {"source": "security-advisories@github.com", "tags": ["Mitigation", "Patch", "Third Party Advisory"], "url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-28m8-9j7v-x499"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/tauri-apps/tauri/issues/4882"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/tauri-apps/tauri/pull/5123"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/tauri-apps/tauri/pull/5123/commits/1f9b9e8d26a2c915390323e161020bcb36d44678"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Patch", "Third Party Advisory"], "url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-28m8-9j7v-x499"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}