Nuxt DevTools Cross-Site Scripting Vulnerability Allowing Authentication Token Extraction
Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in Nuxt DevTools versions prior to 2.6.4. This issue allowed for the extraction of Nuxt authentication tokens under certain configurations. The vulnerability exists on the DevTools authentication page, where error messages were not properly sanitized, enabling DOM-based XSS. An attacker could exploit this to steal authentication tokens and, by leveraging a path traversal vulnerability in the WebSocket message handler, write arbitrary files outside the intended directory, potentially leading to remote code execution.
Impact
Exploitation of this vulnerability allowed for cross-site scripting, which could be used to extract authentication tokens. Additionally, a path traversal vulnerability in the WebSocket message handler could be exploited to write arbitrary files outside the intended directory, leading to remote code execution by overwriting configuration files.
Remediation
Users are advised to upgrade to Nuxt DevTools version 2.6.4. For those using Nuxt in production, it is recommended to avoid publicly exposing Nuxt DevTools or running Nuxt in development mode.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.