GSD-2023-40168

Vulnerability from gsd - Updated: 2023-12-13 01:20
Details
TurboWarp is a desktop application that compiles scratch projects to JavaScript. TurboWarp Desktop versions prior to version 1.8.0 allowed a malicious project or custom extension to read arbitrary files from disk and upload them to a remote server. The only required user interaction is opening the sb3 file or loading the extension. The web version of TurboWarp is not affected. This bug has been addressed in commit `55e07e99b59` after an initial fix which was reverted. Users are advised to upgrade to version 1.8.0 or later. Users unable to upgrade should avoid opening sb3 files or loading extensions from untrusted sources.
Aliases
Aliases
CVE-2023-40168
To clipboard 

{
  "GSD": {
    "alias": "CVE-2023-40168",
    "id": "GSD-2023-40168"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-40168"
      ],
      "details": "TurboWarp is a desktop application that compiles scratch projects to JavaScript. TurboWarp Desktop versions prior to version 1.8.0 allowed a malicious project or custom extension to read arbitrary files from disk and upload them to a remote server. The only required user interaction is opening the sb3 file or loading the extension. The web version of TurboWarp is not affected. This bug has been addressed in commit `55e07e99b59` after an initial fix which was reverted. Users are advised to upgrade to version 1.8.0 or later. Users unable to upgrade should avoid opening sb3 files or loading extensions from untrusted sources.",
      "id": "GSD-2023-40168",
      "modified": "2023-12-13T01:20:43.756047Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2023-40168",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "desktop",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003c 1.8.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "TurboWarp"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "TurboWarp is a desktop application that compiles scratch projects to JavaScript. TurboWarp Desktop versions prior to version 1.8.0 allowed a malicious project or custom extension to read arbitrary files from disk and upload them to a remote server. The only required user interaction is opening the sb3 file or loading the extension. The web version of TurboWarp is not affected. This bug has been addressed in commit `55e07e99b59` after an initial fix which was reverted. Users are advised to upgrade to version 1.8.0 or later. Users unable to upgrade should avoid opening sb3 files or loading extensions from untrusted sources."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-863",
                "lang": "eng",
                "value": "CWE-863: Incorrect Authorization"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/TurboWarp/desktop/security/advisories/GHSA-wg4p-vj7h-q82q",
            "refsource": "MISC",
            "url": "https://github.com/TurboWarp/desktop/security/advisories/GHSA-wg4p-vj7h-q82q"
          },
          {
            "name": "https://github.com/TurboWarp/desktop/commit/55e07e99b59db334d75e8f46792a1569ab0884a6",
            "refsource": "MISC",
            "url": "https://github.com/TurboWarp/desktop/commit/55e07e99b59db334d75e8f46792a1569ab0884a6"
          },
          {
            "name": "https://github.com/TurboWarp/desktop/commit/a62dbd7a28b41857e3b6f32443fda0527d493267",
            "refsource": "MISC",
            "url": "https://github.com/TurboWarp/desktop/commit/a62dbd7a28b41857e3b6f32443fda0527d493267"
          },
          {
            "name": "https://github.com/TurboWarp/desktop/commit/f0f82aaf6cc8170e9da8b36953c98bfe533c019f",
            "refsource": "MISC",
            "url": "https://github.com/TurboWarp/desktop/commit/f0f82aaf6cc8170e9da8b36953c98bfe533c019f"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-wg4p-vj7h-q82q",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:turbowarp:turbowarp_desktop:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.8.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2023-40168"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "TurboWarp is a desktop application that compiles scratch projects to JavaScript. TurboWarp Desktop versions prior to version 1.8.0 allowed a malicious project or custom extension to read arbitrary files from disk and upload them to a remote server. The only required user interaction is opening the sb3 file or loading the extension. The web version of TurboWarp is not affected. This bug has been addressed in commit `55e07e99b59` after an initial fix which was reverted. Users are advised to upgrade to version 1.8.0 or later. Users unable to upgrade should avoid opening sb3 files or loading extensions from untrusted sources."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-863"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/TurboWarp/desktop/security/advisories/GHSA-wg4p-vj7h-q82q",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://github.com/TurboWarp/desktop/security/advisories/GHSA-wg4p-vj7h-q82q"
            },
            {
              "name": "https://github.com/TurboWarp/desktop/commit/55e07e99b59db334d75e8f46792a1569ab0884a6",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "https://github.com/TurboWarp/desktop/commit/55e07e99b59db334d75e8f46792a1569ab0884a6"
            },
            {
              "name": "https://github.com/TurboWarp/desktop/commit/f0f82aaf6cc8170e9da8b36953c98bfe533c019f",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "https://github.com/TurboWarp/desktop/commit/f0f82aaf6cc8170e9da8b36953c98bfe533c019f"
            },
            {
              "name": "https://github.com/TurboWarp/desktop/commit/a62dbd7a28b41857e3b6f32443fda0527d493267",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "https://github.com/TurboWarp/desktop/commit/a62dbd7a28b41857e3b6f32443fda0527d493267"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-08-24T15:04Z",
      "publishedDate": "2023-08-17T20:15Z"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.