Description

This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed calls to localhost (ie Chrome before v94), the website could exfiltrate emulator data. We recommend upgrading past version 13.6.0 or commit  068a2b08dc308c7ab4b569617f5fc8821237e3a0 https://github.com/firebase/firebase-tools/commit/068a2b08dc308c7ab4b569617f5fc8821237e3a0

INFO

Published Date :

2024-05-02T13:22:50.829Z

Last Modified :

2024-08-01T20:33:52.518Z

Source :

Google
AFFECTED PRODUCTS

The following products are affected by CVE-2024-4128 vulnerability.

Vendors Products
Google
  • Firebase Command Line Interface
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-4128.

URL Resource
https://github.com/firebase/firebase-tools/commit/068a2b08dc308c7ab4b569617f5fc8821237e3a0 cve-icon cve-icon cve-icon
https://github.com/firebase/firebase-tools/pull/6944 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact