Lucene search

GitHub_MCVE-2022-29247

HistoryJun 13, 2022 - 9:15 p.m.

CVE-2022-29247

2022-06-1321:15:07

CWE-668

GitHub_M

web.nvd.nist.gov

474

electron

framework

javascript

html

css

vulnerability

cve-2022-29247

security

ipc

renderer

nodeintegrationinsubframes

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.003

Percentile

66.0%

JSON

Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with nodeIntegrationInSubFrames enabled which in turn allows effective access to ipcRenderer. The nodeIntegrationInSubFrames option does not implicitly grant Node.js access. Rather, it depends on the existing sandbox setting. If an application is sandboxed, then nodeIntegrationInSubFrames just gives access to the sandboxed renderer APIs, which include ipcRenderer. If the application then additionally exposes IPC messages without IPC senderFrame validation that perform privileged actions or return confidential data this access to ipcRenderer can in turn compromise your application / user even with the sandbox enabled. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. As a workaround, ensure that all IPC message handlers appropriately validate senderFrame.

Affected configurations

Nvd

Vulners

Node

electronjselectronRange<15.5.5

electronjselectronRange16.0.1–16.2.6

electronjselectronRange17.0.1–17.2.0

electronjselectronMatch16.0.0beta1

electronjselectronMatch16.0.0beta2

electronjselectronMatch16.0.0beta3

electronjselectronMatch16.0.0beta4

electronjselectronMatch16.0.0beta5

electronjselectronMatch16.0.0beta6

electronjselectronMatch16.0.0beta7

electronjselectronMatch16.0.0beta8

electronjselectronMatch16.0.0beta9

electronjselectronMatch17.0.0beta1

electronjselectronMatch17.0.0beta2

electronjselectronMatch17.0.0beta3

electronjselectronMatch17.0.0beta4

electronjselectronMatch17.0.0beta5

electronjselectronMatch17.0.0beta6

electronjselectronMatch17.0.0beta7

electronjselectronMatch17.0.0beta8

electronjselectronMatch17.0.0beta9

electronjselectronMatch18.0.0beta1

electronjselectronMatch18.0.0beta2

electronjselectronMatch18.0.0beta3

electronjselectronMatch18.0.0beta4

electronjselectronMatch18.0.0beta5

VendorProductVersionCPE
electronjselectron*cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*
electronjselectron16.0.0cpe:2.3:a:electronjs:electron:16.0.0:beta1:*:*:*:*:*:*
electronjselectron16.0.0cpe:2.3:a:electronjs:electron:16.0.0:beta2:*:*:*:*:*:*
electronjselectron16.0.0cpe:2.3:a:electronjs:electron:16.0.0:beta3:*:*:*:*:*:*
electronjselectron16.0.0cpe:2.3:a:electronjs:electron:16.0.0:beta4:*:*:*:*:*:*
electronjselectron16.0.0cpe:2.3:a:electronjs:electron:16.0.0:beta5:*:*:*:*:*:*
electronjselectron16.0.0cpe:2.3:a:electronjs:electron:16.0.0:beta6:*:*:*:*:*:*
electronjselectron16.0.0cpe:2.3:a:electronjs:electron:16.0.0:beta7:*:*:*:*:*:*
electronjselectron16.0.0cpe:2.3:a:electronjs:electron:16.0.0:beta8:*:*:*:*:*:*
electronjselectron16.0.0cpe:2.3:a:electronjs:electron:16.0.0:beta9:*:*:*:*:*:*

Vendor	Product	Version	CPE
electronjs	electron	*	cpe:2.3:a:electronjs:electron::::::::
electronjs	electron	16.0.0	cpe:2.3:a:electronjs:electron:16.0.0:beta1::::::
electronjs	electron	16.0.0	cpe:2.3:a:electronjs:electron:16.0.0:beta2::::::
electronjs	electron	16.0.0	cpe:2.3:a:electronjs:electron:16.0.0:beta3::::::
electronjs	electron	16.0.0	cpe:2.3:a:electronjs:electron:16.0.0:beta4::::::
electronjs	electron	16.0.0	cpe:2.3:a:electronjs:electron:16.0.0:beta5::::::
electronjs	electron	16.0.0	cpe:2.3:a:electronjs:electron:16.0.0:beta6::::::
electronjs	electron	16.0.0	cpe:2.3:a:electronjs:electron:16.0.0:beta7::::::
electronjs	electron	16.0.0	cpe:2.3:a:electronjs:electron:16.0.0:beta8::::::
electronjs	electron	16.0.0	cpe:2.3:a:electronjs:electron:16.0.0:beta9::::::

Rows per page:

1-10 of 241

CNA Affected

[
  {
    "product": "electron",
    "vendor": "electron",
    "versions": [
      {
        "status": "affected",
        "version": "< 15.5.5"
      },
      {
        "status": "affected",
        "version": ">= 16.0.0-beta.1, < 16.2.6"
      },
      {
        "status": "affected",
        "version": ">= 17.0.0-beta.1, < 17.2.0"
      },
      {
        "status": "affected",
        "version": ">= 18.0.0-beta.1, <= 18.0.0-beta.5"
      }
    ]
  }
]

References

github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7

Social References

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.003

Percentile

66.0%

JSON

Related for CVE-2022-29247