CVE-2023-46115

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Oct 20, 2023
Updated: Oct 26, 2023
CWE ID 200
CWE ID 522

Summary

CVE-2023-46115: A misconfiguration issue was discovered in the Tauri framework, affecting projects built with a Vite frontend and a specific configuration. The vulnerability stems from sensitive keys, such as the private key and updater key password, being bundled into the Vite frontend code because of an insecure example configuration in Tauri's Vite guide. Users are advised to rotate their updater private key and update the `envPrefix` configuration in `vite.config.ts` to prevent the leakage of these keys. To apply the fix, users must generate a new private key using `tauri signer generate` and update the public key in `tauri.conf.json`. It is essential to sign the next application build with the older private key for the update to be accepted. Users not utilizing Vite or modifying the `envPrefix` configuration are not impacted by this advisory.
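Vite exposes to client code every environment variable whose name starts with an `envPrefix` entry, which is how a broad prefix pulls the signing keys into the bundle. The audit below is an added example, not code from Tauri or the advisory; the variable names `TAURI_PRIVATE_KEY` and `TAURI_KEY_PASSWORD`, both prefix lists, and all sample values are assumptions constructed for illustration.

```javascript
// Added example. Models Vite's rule: an env var is exposed to client code
// (import.meta.env) when its name starts with any entry in envPrefix.

// Assumption: names of the Tauri updater signing variables.
const SENSITIVE = ['TAURI_PRIVATE_KEY', 'TAURI_KEY_PASSWORD'];

// envPrefix may be a string or an array; Vite's default is 'VITE_'.
function exposedVars(envPrefix, env) {
  const prefixes = [].concat(envPrefix ?? 'VITE_');
  return Object.keys(env)
    .filter((name) => prefixes.some((p) => name.startsWith(p)))
    .sort();
}

// Report which sensitive variables a given envPrefix would hand to the frontend.
function auditEnvPrefix(envPrefix, env, sensitive = SENSITIVE) {
  const exposed = exposedVars(envPrefix, env);
  const leaked = exposed.filter((name) => sensitive.includes(name));
  return { exposed, leaked, safe: leaked.length === 0 };
}

// Post-build gate: look for the literal secret values in built bundle text.
function secretsInBundle(bundleText, env, sensitive = SENSITIVE) {
  return sensitive.filter((name) => env[name] && bundleText.includes(env[name]));
}

// Constructed build environment; values are placeholders, not real keys.
const sampleEnv = {
  VITE_API_URL: 'https://example.invalid',
  TAURI_PLATFORM: 'linux',
  TAURI_DEBUG: 'false',
  TAURI_PRIVATE_KEY: 'PLACEHOLDER-PRIVATE-KEY',
  TAURI_KEY_PASSWORD: 'PLACEHOLDER-PASSWORD',
  HOME: '/home/builder',
};

const broadPrefix = ['VITE_', 'TAURI_']; // weak: matches the signing variables
const narrowPrefix = ['VITE_', 'TAURI_PLATFORM', 'TAURI_ARCH', 'TAURI_FAMILY',
  'TAURI_PLATFORM_VERSION', 'TAURI_PLATFORM_TYPE', 'TAURI_DEBUG']; // assumed fix

// Constructed bundle snippet standing in for a file under dist/.
const sampleBundle = 'const e={TAURI_PRIVATE_KEY:"PLACEHOLDER-PRIVATE-KEY"};';

console.log(auditEnvPrefix(broadPrefix, sampleEnv));
console.log(auditEnvPrefix(narrowPrefix, sampleEnv));
console.log(secretsInBundle(sampleBundle, sampleEnv));
```

A bundle check of this kind only confirms whether a given build leaked; keys that were ever shipped in a released frontend still need the rotation described in the summary.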
