VYPR
Moderate severity · NVD Advisory · Published Mar 12, 2026 · Updated Mar 13, 2026

Arbitrary File Read via Disabled Vite Filesystem Restriction in TinaCMS CLI

CVE-2026-29066

Description

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the host system. This vulnerability is fixed in 2.1.8.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The TinaCMS CLI dev server in versions before 2.1.8 disables Vite's fs.strict restriction, allowing unauthenticated attackers to read arbitrary host files via HTTP requests.

Root Cause

TinaCMS 2.1.7 and earlier, when running the development server via tinacms dev, configures the underlying Vite dev server with the option server.fs.strict: false [1][2]. This disables Vite's built-in filesystem access restriction, which normally prevents arbitrary file reads through the development server's static file handler [2].

Attack Vector

The TinaCMS middleware only intercepts a limited set of URL path prefixes (e.g., /media/*, /graphql). Any HTTP request to a path outside these routes falls through to Vite's default static file handler, which will serve files directly from the absolute path specified in the URL [2]. An unauthenticated attacker who can reach the dev server (default port 4001) can send requests such as curl http://localhost:4001/etc/passwd to read arbitrary files [2]. Additionally, the server enables permissive CORS headers, which may facilitate browser-based attacks like DNS rebinding [2].

Impact

Attackers can read any file on the host system that the server process has read permissions for, including sensitive system files like /etc/passwd or /etc/shadow [2]. This poses a significant risk in development environments where the dev server port is publicly accessible, such as cloud IDEs (GitHub Codespaces, Gitpod), Docker/VM setups with port forwarding, or misconfigured environments binding to 0.0.0.0 [2].

Mitigation

The vulnerability is fixed in TinaCMS CLI version 2.1.8 [1][2]. Users should upgrade to version 2.1.8 or later. As a workaround, ensure the dev server is not exposed on public networks or bind only to localhost (127.0.0.1).

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package             Affected versions   Patched versions
@tinacms/cli (npm)  < 2.1.8             2.1.8

Affected products

  • @tinacms/cliv5
    Range: < 2.1.8

