Lucene search

MitreCVE-2018-1000006

HistoryJan 24, 2018 - 11:29 p.m.

CVE-2018-1000006

2018-01-2423:29:00

CWE-78

mitre

web.nvd.nist.gov

cve-2018-1000006

github electron

vulnerability

protocol handler

arbitrary command execution

windows

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.97

Percentile

99.8%

JSON

GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16.

Affected configurations

Nvd

Node

atomelectronMatch1.8.2beta1

atomelectronMatch1.8.2beta2

atomelectronMatch1.8.2beta3

AND

microsoftwindows_10Match-

microsoftwindows_7Match-

microsoftwindows_server_2008Match-

Node

atomelectronRange≤1.7.10

AND

microsoftwindows_10Match-

microsoftwindows_7Match-

microsoftwindows_server_2008Match-

Node

atomelectronRange≤1.6.15

AND

microsoftwindows_10Match-

microsoftwindows_7Match-

microsoftwindows_server_2008Match-

VendorProductVersionCPE
atomelectron1.8.2cpe:2.3:a:atom:electron:1.8.2:beta1:*:*:*:*:*:*
atomelectron1.8.2cpe:2.3:a:atom:electron:1.8.2:beta2:*:*:*:*:*:*
atomelectron1.8.2cpe:2.3:a:atom:electron:1.8.2:beta3:*:*:*:*:*:*
microsoftwindows_10-cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
microsoftwindows_7-cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
microsoftwindows_server_2008-cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*
atomelectron*cpe:2.3:a:atom:electron:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
atom	electron	1.8.2	cpe:2.3:a:atom:electron:1.8.2:beta1::::::
atom	electron	1.8.2	cpe:2.3:a:atom:electron:1.8.2:beta2::::::
atom	electron	1.8.2	cpe:2.3:a:atom:electron:1.8.2:beta3::::::
microsoft	windows_10	-	cpe:2.3:o:microsoft:windows_10:-:::::::*
microsoft	windows_7	-	cpe:2.3:o:microsoft:windows_7:-:::::::*
microsoft	windows_server_2008	-	cpe:2.3:o:microsoft:windows_server_2008:-:::::::*
atom	electron	*	cpe:2.3:a:atom:electron::::::::