CVE-2023-7080

CVSS 3.1 Score 8.0 of 10 (high)

Details

Published Dec 29, 2023

Updated: Jan 5, 2024

CWE ID 269

Summary

CVE-2023-7080 is a vulnerability in the V8 inspector of Cloudflare's Wrangler tool, which allows arbitrary code execution within the Workers sandbox for debugging. This issue was exploitable when an attacker on the local network connected to the inspector server, as it did not validate Origin/Host headers, allowing any user on the local network to run code. Previous versions of Wrangler, specifically [email protected] and below, also had an SSRF vulnerability (CVE-2023-7078) that granted access to the local network. [email protected] and [email protected] have been released to address both vulnerabilities, with the inspector server now listening only on local interfaces by default and validating Origin/Host headers to prevent arbitrary code execution.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Vendors

CloudFlare

Advisories, Assessments, and Mitigations

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2023-7080 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future

Gain complete coverage of your cyber, third party, and physical attack surface
Proactively mitigate threats before they turn into costly attacks
Make fast, effective, data-driven decisions

Book your demo

Sign in

Back to Vulnerability Database