
CVE-2022-39215: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in tauri-apps tauri

Medium
Published: Thu Sep 15 2022 (09/15/2022, 21:35:11 UTC)
Source: CVE
Vendor/Project: tauri-apps
Product: tauri

Description

Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction folder inside an allowed path of the `fs` scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined `scope`. Users are advised to upgrade. Users unable to upgrade should disable the `readDir` endpoint in the `allowlist` inside the `tauri.conf.json`.

AI-Powered Analysis

AI Last updated: 06/21/2025, 23:31:26 UTC

Technical Analysis

CVE-2022-39215 is a medium-severity path traversal vulnerability (CWE-22, Improper Limitation of a Pathname to a Restricted Directory) in the Tauri framework before version 1.0.6. Tauri builds cross-platform desktop applications from a Rust backend and a web frontend rendered in the platform's webview; the frontend can reach the host filesystem only through API endpoints such as `readDir`, and the `fs` allowlist together with its `scope` in `tauri.conf.json` is what confines those endpoints to approved directories. The flaw is in the recursive implementation of `readDir`. The scope check was applied to the requested path without canonicalizing it, so a path such as `<allowed dir>/link/...` passed because it lexically started with an allowed directory, even when `link` was a symbolic link (or, on Windows, a junction) whose target lay outside the scope. Because the recursive walk followed such links, the listing continued into the target and returned the names of files and directories that the scope should have hidden. Only directory entries are disclosed; no file content could be leaked through this bug. Exploitation presupposes that an attacker can place a crafted symbolic link or junction inside a directory that is already within the `fs` scope, for instance a location the user or another process can write to, and can then cause the application to issue a recursive `readDir` on it. The advisory states no further preconditions, but without that write access, or against an application whose allowlist does not enable `readDir`, there is no path to the bug. Version 1.0.6 resolves each (sub)directory before descending and refuses to list one that is a symbolic link pointing outside the defined scope. No exploitation in the wild is known; until the upgrade is deployed, disabling the `readDir` endpoint in the allowlist in `tauri.conf.json` removes the vulnerable code path.
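The check the advisory describes, written in Rust since that is the language Tauri's `fs` endpoints are implemented in. This is an added illustration, not Tauri's own code: `read_dir_vulnerable` mirrors the pre-1.0.6 behaviour (a lexical scope check plus a recursive walk that follows symbolic links), `read_dir_checked` canonicalizes each directory before comparing it with the canonical scope and refuses to follow a link whose target resolves outside it, and `demo` builds a constructed layout under the system temp directory with one symlink that escapes the scope. The function names and the directory layout are assumptions made for the example.

```rust
use std::collections::HashSet;
use std::fs;
use std::io;
use std::path::{Path, PathBuf};

fn deny(path: &Path) -> io::Error {
    io::Error::new(io::ErrorKind::PermissionDenied, format!("{} is outside the fs scope", path.display()))
}

/// Pre-1.0.6 style listing (added illustration, not Tauri's code): the scope check is
/// lexical, so `scope/link/...` passes as long as it starts with `scope`, and `Path::is_dir`
/// follows symlinks, so the walk descends into a link whose target is outside the scope.
pub fn read_dir_vulnerable(dir: &Path, scope: &Path, out: &mut Vec<PathBuf>) -> io::Result<()> {
    if !dir.starts_with(scope) {
        return Err(deny(dir));
    }
    for entry in fs::read_dir(dir)? {
        let path = entry?.path();
        out.push(path.clone());
        if path.is_dir() {
            read_dir_vulnerable(&path, scope, out)?;
        }
    }
    Ok(())
}

/// Hardened listing: every directory, symlinked ones included, is resolved with
/// `canonicalize` and compared against the canonical scope before it is descended into.
/// The set of visited canonical directories also stops symlink loops inside the scope.
pub fn read_dir_checked(dir: &Path, scope: &Path, out: &mut Vec<PathBuf>) -> io::Result<()> {
    let scope_real = scope.canonicalize()?;
    walk_checked(dir, &scope_real, &mut HashSet::new(), out)
}

fn walk_checked(dir: &Path, scope_real: &Path, visited: &mut HashSet<PathBuf>, out: &mut Vec<PathBuf>) -> io::Result<()> {
    let real = dir.canonicalize()?;
    if !real.starts_with(scope_real) {
        return Err(deny(dir));
    }
    if !visited.insert(real) {
        return Ok(()); // already listed through another link
    }
    for entry in fs::read_dir(dir)? {
        let path = entry?.path();
        out.push(path.clone());
        // symlink_metadata does not follow links, so a link is handled explicitly below.
        let meta = fs::symlink_metadata(&path)?;
        if meta.is_dir() {
            walk_checked(&path, scope_real, visited, out)?;
        } else if meta.file_type().is_symlink() {
            match path.canonicalize() {
                // Link to a directory that resolves inside the scope: safe to descend.
                Ok(target) if target.is_dir() && target.starts_with(scope_real) => {
                    walk_checked(&path, scope_real, visited, out)?;
                }
                // Link to a file, a dangling link, or a link escaping the scope: the entry
                // name stays in the listing but the link is never followed.
                _ => {}
            }
        }
    }
    Ok(())
}

#[cfg(unix)]
fn make_dir_link(target: &Path, link: &Path) -> io::Result<()> {
    std::os::unix::fs::symlink(target, link)
}
#[cfg(windows)]
fn make_dir_link(target: &Path, link: &Path) -> io::Result<()> {
    std::os::windows::fs::symlink_dir(target, link)
}

/// Constructed layout under the temp directory (not real data): base/scope/sub/allowed.txt
/// inside the scope, base/outside/secret.txt outside it, and base/scope/link -> base/outside
/// as the crafted symlink. Returns whether `secret.txt` shows up in a recursive listing of
/// `scope` for the vulnerable and for the checked implementation, in that order.
pub fn demo() -> io::Result<(bool, bool)> {
    let base = std::env::temp_dir().join(format!("readdir-scope-demo-{}", std::process::id()));
    let _ = fs::remove_dir_all(&base);
    let (scope, outside) = (base.join("scope"), base.join("outside"));
    fs::create_dir_all(scope.join("sub"))?;
    fs::create_dir_all(&outside)?;
    fs::write(scope.join("sub/allowed.txt"), b"in scope")?;
    fs::write(outside.join("secret.txt"), b"out of scope")?;
    make_dir_link(&outside, &scope.join("link"))?;
    let lists_secret = |v: &Vec<PathBuf>| v.iter().any(|p| p.ends_with("secret.txt"));
    let (mut vulnerable, mut checked) = (Vec::new(), Vec::new());
    read_dir_vulnerable(&scope, &scope, &mut vulnerable)?;
    read_dir_checked(&scope, &scope, &mut checked)?;
    fs::remove_dir_all(&base)?;
    Ok((lists_secret(&vulnerable), lists_secret(&checked)))
}

fn main() -> io::Result<()> {
    let (vulnerable, checked) = demo()?;
    println!("reaches outside/secret.txt: vulnerable={vulnerable} checked={checked}");
    Ok(())
}
```

Running it prints `vulnerable=true checked=false`. The hardened walk keeps the link's own name in the listing but never follows it; failing the whole request with an error instead, as the advisory describes 1.0.6 doing for a requested subdirectory that is a link outside the scope, is the stricter choice and the one to prefer when the caller should learn that a scope violation was attempted. `canonicalize` resolves junctions as well as symbolic links on Windows, so the same comparison covers both.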

Potential Impact

For European organizations running Tauri-based desktop applications, the vulnerability exposes directory structure outside the boundaries the application intended to enforce. No file content is leaked, but directory listings reveal the layout of the filesystem, the names of files and folders, and whether particular paths exist, all of which is useful reconnaissance for a follow-on attack. The effect is therefore on the confidentiality of filesystem metadata; integrity and availability are not affected. Organizations handling sensitive or regulated data on the desktop, in sectors such as finance, healthcare and government, should treat even this metadata exposure as a concern. Because Tauri is a framework, the real exposure depends on each application: whether `readDir` is enabled in its allowlist, how wide its `fs` scope is, whether that scope includes directories an attacker could write a link into, and whether untrusted input can drive the frontend code that calls the endpoint. Custom or third-party applications built against versions earlier than 1.0.6 remain vulnerable until they are rebuilt on a fixed release and redistributed. The absence of known in-the-wild exploitation lowers the immediate risk, but a flaw in a widely used framework warrants prompt attention.

Mitigation Recommendations

Upgrade the `tauri` crate to 1.0.6 or later, rebuild the application, and redistribute the new build; because the framework is compiled into each application binary, end users cannot apply the fix themselves. To find affected builds, check the version recorded for `tauri` in each project's `Cargo.lock` (or run `cargo tree -i tauri` in the project). Where an immediate upgrade is not possible, set `readDir` to `false` under `tauri.allowlist.fs` in `tauri.conf.json`, which removes the endpoint from the frontend API entirely. Audit custom Tauri applications for how they expose `readDir` and the other `fs` endpoints: keep the `fs` `scope` as narrow as possible, prefer directories the application owns over user-writable or shared locations (a symbolic link or junction has to be placed inside the scope for this bug to matter), and do not let untrusted frontend input choose the directory that is listed. Where the application's own Rust code handles filesystem paths, canonicalize them before comparing against an allowed root and treat symbolic links and junctions as a distinct case rather than as ordinary directories. If the application logs its API calls, watch for recursive `readDir` requests on unexpected paths or for listings that pass through symbolic links. Brief developers using Tauri on these patterns and on why a lexical prefix check is not a scope check when links are involved.


Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2022-09-02T00:00:00.000Z
Cisa Enriched
true

Threat ID: 682d9849c4522896dcbf6991

Added to database: 5/21/2025, 9:09:29 AM

Last enriched: 6/21/2025, 11:31:26 PM

Last updated: 8/7/2025, 1:56:26 AM
