
======================================================================

                                  CERT-Renater

                        Note d'Information No. 2024/VULN239
_____________________________________________________________________

DATE                : 14/05/2024

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Werkzeug versions prior to 3.0.3.

=====================================================================
https://github.com/advisories/GHSA-2g68-c3qc-8985
_____________________________________________________________________

Werkzeug debugger vulnerable to remote execution when interacting
with attacker controlled domain
High severity. GitHub reviewed. Published May 5, 2024 in
pallets/werkzeug. Updated May 6, 2024.

Vulnerability details

Package
Werkzeug (pip)

Affected versions
< 3.0.3

Patched versions
3.0.3


Description

The debugger in affected versions of Werkzeug can allow an attacker to
execute code on a developer's machine under some circumstances. This
requires the attacker to get the developer to interact with a domain
and subdomain they control, and enter the debugger PIN, but if they
are successful it allows access to the debugger even if it is only
running on localhost. This also requires the attacker to guess a URL
in the developer's application that will trigger the debugger.
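Added example, not part of the CERT-Renater note or of the Werkzeug project: a small Python checker that flags requirement lines whose Werkzeug specifier still admits a release in the affected range (every version below 3.0.3, the patched release named above). The requirements text it scans is constructed for the demonstration; it understands only simple PEP 440 operators.

```python
import re

PATCHED = (3, 0, 3)  # first fixed release per the advisory; < 3.0.3 is affected

def parse_version(text):
    """'2.3.7' -> (2, 3, 7); tuples compare like PEP 440 release segments."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def werkzeug_status(line):
    """Classify one requirements.txt line. None if it is not Werkzeug, else:
      'safe'     every version the specifier admits is >= 3.0.3
      'affected' the specifier admits at least one version < 3.0.3
      'unpinned' no version constraint at all
    Supports ==, >=, >, <, <=, ~= and optional extras like werkzeug[watchdog]."""
    line = line.split("#", 1)[0].strip()          # drop trailing comments
    m = re.match(r"^werkzeug(?:\[[^\]]*\])?\s*(.*)$", line, re.IGNORECASE)
    if not m:
        return None
    specs = [s.strip() for s in m.group(1).split(",") if s.strip()]
    if not specs:
        return "unpinned"                          # resolver may pick any release
    for spec in specs:
        sm = re.match(r"(==|>=|<=|~=|>|<)\s*([\d.]+)", spec)
        if not sm:
            continue                               # unsupported operator, ignore
        op, v = sm.group(1), parse_version(sm.group(2))
        if op == "==":
            return "safe" if v >= PATCHED else "affected"
        if op in (">=", "~=", ">") and v >= PATCHED:
            return "safe"      # ">3.0.2" is also safe but is reported conservatively
    return "affected"          # no lower bound rules out every release < 3.0.3

def scan_requirements(text):
    """Return [(line, status)] for every Werkzeug requirement in the text."""
    results = []
    for raw in text.splitlines():
        status = werkzeug_status(raw)
        if status is not None:
            results.append((raw.strip(), status))
    return results

# Constructed sample requirements file (not from any real project).
SAMPLE = """\
flask==3.0.3
Werkzeug==2.3.7        # old pin, affected
werkzeug>=3.0.3        # lower bound at the fix
werkzeug>=2.2,<3.1     # range still admits 2.x and 3.0.0-3.0.2
werkzeug               # unpinned
"""

if __name__ == "__main__":
    for line, status in scan_requirements(SAMPLE):
        print(f"{status:9} {line}")
```

A "safe" result only means the pin cannot resolve to an affected release; the debugger should still never be enabled outside a local development session.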

References

     GHSA-2g68-c3qc-8985
     pallets/werkzeug@3386395
     https://nvd.nist.gov/vuln/detail/CVE-2024-34069

@davidism davidism published to pallets/werkzeug May 5, 2024
Published to the GitHub Advisory Database May 6, 2024
Reviewed May 6, 2024
Published by the National Vulnerability Database May 6, 2024
Last updated May 6, 2024


Severity
High

7.5 / 10

CVSS base metrics

Attack vector
Network

Attack complexity
High

Privileges required
None

User interaction
Required

Scope
Unchanged

Confidentiality
High

Integrity
High

Availability
High

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses
CWE-352

CVE ID
CVE-2024-34069

GHSA ID
GHSA-2g68-c3qc-8985

Source code
pallets/werkzeug

Credits

     @Ry0taK (Ry0taK), Reporter


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
