{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-34069", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-04-30T06:56:33.381Z", "datePublished": "2024-05-06T14:44:38.780Z", "dateUpdated": "2024-08-02T02:42:59.861Z"}, "containers": {"cna": {"title": "Werkzeug's improper usage of a pathname and improper CSRF protection results in the remote command execution", "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "lang": "en", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985"}, {"name": "https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692", "tags": ["x_refsource_MISC"], "url": "https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4SH32AM3CTPMAAEOIDAN7VU565LO4IR/"}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0004/"}], "affected": [{"vendor": "pallets", "product": "werkzeug", "versions": [{"version": "< 3.0.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-06T14:44:38.780Z"}, "descriptions": [{"lang": "en", "value": "Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger. This vulnerability is fixed in 3.0.3."}], "source": {"advisory": "GHSA-2g68-c3qc-8985", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "palletsprojects", "product": "werkzeug", "cpes": ["cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.0.3", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-12T19:54:35.623303Z", "id": "CVE-2024-34069", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T19:56:20.233Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:42:59.861Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985"}, {"name": "https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4SH32AM3CTPMAAEOIDAN7VU565LO4IR/", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0004/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985", "name": "https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692", "name": "https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4SH32AM3CTPMAAEOIDAN7VU565LO4IR/", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0004/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:42:59.861Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-34069", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-12T19:54:35.623303Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*"], "vendor": "palletsprojects", "product": "werkzeug", "versions": [{"status": "affected", "version": "0", "lessThan": "3.0.3", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-06T17:37:41.861Z"}}], "cna": {"title": "Werkzeug's improper usage of a pathname and improper CSRF protection results in the remote command execution", "source": {"advisory": "GHSA-2g68-c3qc-8985", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "pallets", "product": "werkzeug", "versions": [{"status": "affected", "version": "< 3.0.3"}]}], "references": [{"url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985", "name": "https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692", "name": "https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692", "tags": ["x_refsource_MISC"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4SH32AM3CTPMAAEOIDAN7VU565LO4IR/"}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0004/"}], "descriptions": [{"lang": "en", "value": "Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger. This vulnerability is fixed in 3.0.3."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352: Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-06T14:44:38.780Z"}}}, "cveMetadata": {"cveId": "CVE-2024-34069", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:42:59.861Z", "dateReserved": "2024-04-30T06:56:33.381Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-05-06T14:44:38.780Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger. This vulnerability is fixed in 3.0.3."}, {"lang": "es", "value": "Werkzeug es una librer\u00eda completa de aplicaciones web WSGI. El depurador de las versiones afectadas de Werkzeug puede permitir que un atacante ejecute c\u00f3digo en la m\u00e1quina de un desarrollador en algunas circunstancias. Esto requiere que el atacante consiga que el desarrollador interact\u00fae con un dominio y subdominio que controla e ingrese el PIN del depurador, pero si tiene \u00e9xito, permite el acceso al depurador incluso si solo se est\u00e1 ejecutando en localhost. Esto tambi\u00e9n requiere que el atacante adivine una URL en la aplicaci\u00f3n del desarrollador que activar\u00e1 el depurador. Esta vulnerabilidad se solucion\u00f3 en 3.0.3."}], "id": "CVE-2024-34069", "lastModified": "2024-06-14T13:15:51.803", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-05-06T15:15:23.990", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692"}, {"source": "security-advisories@github.com", "url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4SH32AM3CTPMAAEOIDAN7VU565LO4IR/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ/"}, {"source": "security-advisories@github.com", "url": "https://security.netapp.com/advisory/ntap-20240614-0004/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:5810", "cpe": "cpe:/a:redhat:openshift_ironic:4.12::el9", "package": "python-werkzeug-0:2.0.3-6.el9", "product_name": "Ironic content for Red Hat OpenShift Container Platform 4.12", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2024:6016", "cpe": "cpe:/a:redhat:openshift_ironic:4.15::el9", "package": "python-werkzeug-0:2.2.3-3.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-09-05T00:00:00Z"}, {"advisory": "RHSA-2024:5107", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-ironic-rhel9:v4.16.0-202408051209.p0.ga428def.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-08-13T00:00:00Z"}], "bugzilla": {"description": "python-werkzeug: user may execute code on a developer's machine", "id": "2279451", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279451"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-352", "details": ["Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger. This vulnerability is fixed in 3.0.3.", "A flaw was found in Werkzeug, where an attacker may be able to execute code on a developer's machine under some circumstances. This issue requires the attacker to get the developer to interact with a domain and subdomain they control and enter the debugger PIN; if they are successful, it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}, "name": "CVE-2024-34069", "package_state": [{"cpe": "cpe:/a:redhat:ceph_storage:5", "fix_state": "Affected", "package_name": "python-werkzeug", "product_name": "Red Hat Ceph Storage 5"}, {"cpe": "cpe:/a:redhat:ceph_storage:6", "fix_state": "Affected", "package_name": "python-werkzeug", "product_name": "Red Hat Ceph Storage 6"}, {"cpe": "cpe:/a:redhat:ceph_storage:7", "fix_state": "Affected", "package_name": "python-werkzeug", "product_name": "Red Hat Ceph Storage 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "python-werkzeug", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "python-werkzeug", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:openstack:16.1", "fix_state": "Out of support scope", "impact": "moderate", "package_name": "python-werkzeug", "product_name": "Red Hat OpenStack Platform 16.1"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Will not fix", "impact": "moderate", "package_name": "openstack-designate", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Affected", "package_name": "python-werkzeug", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Affected", "package_name": "python-werkzeug", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Affected", "impact": "moderate", "package_name": "python-httpcore", "product_name": "Red Hat OpenStack Platform 18.0"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Affected", "impact": "moderate", "package_name": "python-werkzeug", "product_name": "Red Hat OpenStack Platform 18.0"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Out of support scope", "package_name": "python-werkzeug", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:rhui:3", "fix_state": "Out of support scope", "package_name": "python-werkzeug", "product_name": "Red Hat Update Infrastructure 3 for Cloud Providers"}], "public_date": "2024-05-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-34069\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-34069\nhttps://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692\nhttps://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985"], "statement": "Werkzeug's debugger allows an attacker to potentially execute code on a developer's machine. This can occur if the attacker tricks the developer into interacting with a controlled domain and subdomain and entering the debugger PIN. Although the debugger is meant to run locally, successful exploitation can give the attacker access to it by guessing a specific URL that triggers the debugger. The severity is rate as IMPORTANT because this flaw can potentially impacts confidentiality, integrity, and availability if the attacker can gain control.", "threat_severity": "Important", "upstream_fix": "python-werkzeug 3.0.3"}