5.8

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-39215

GHSA ID

GHSA-28m8-9j7v-x499

EPSS Score

0.35241%

CWE

CWE-22

Published

9/16/2022

Updated

2/7/2023

KEV Status

Technology

Rust

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-39215

CVE-2022-39215: Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links

Impact

Due to missing canonicalization when readDir is called recursively, it was possible to display directory listings outside of the defined fs scope. This required a crafted symbolic link or junction folder inside an allowed path of the fs scope. No arbitrary file content could be leaked.

Patches

The issue has been resolved in https://github.com/tauri-apps/tauri/pull/5123 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined scope.

Workarounds

Disable the readDir endpoint in the allowlist inside the tauri.conf.json.

For more information

This issue was initially reported by martin-ocasek in #4882.

If you have any questions or comments about this advisory:

Open an issue in tauri
Email us at security@tauri.app

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2022-39215

CVE-2022-39215:

5.8

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-39215

GHSA ID

GHSA-28m8-9j7v-x499

EPSS Score

0.35241%

CWE

CWE-22

Published

9/16/2022

Updated

2/7/2023

KEV Status

Technology

Rust

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
tauri	rust	< 1.0.6	1.0.6

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from two key points:

The core directory reading implementation (read_dir) recursively followed symlinks without checking if they were allowed by the security scope.
The endpoint handler didn't pass the security scope context to the directory reading function.

The commit diff shows:

read_dir was modified to become read_dir_with_options
Added symlink detection (is_symlink function)
Added scope checking before recursing into directories
The endpoint handler was updated to pass the security scope

Before the patch, the recursive read_dir would follow symlinks without scope validation, and the endpoint didn't enforce scope context during directory traversal.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2022-39215: Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links

Impact

Patches

Workarounds

For more information

CVE-2022-39215:

5.8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2022-39215: Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links

Impact

Patches

Workarounds

For more information

5.8

5.8

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI