Vulnerabilities > CVE-2023-7078 - Server-Side Request Forgery (SSRF) vulnerability in Cloudflare Miniflare 3.20230821.0

CVSS 8.1 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

low complexity

cloudflare

CWE-918

NVD

Published: 2023-12-29

Updated: 2024-01-05

Summary

Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers.

Vulnerable Configurations

Part	Description	Count
Application	Cloudflare Cloudflare Miniflare 3.20230821.0	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7
https://github.com/cloudflare/workers-sdk/pull/4532