CVE-2024-21625 (GCVE-0-2024-21625)
Vulnerability from cvelistv5 – Published: 2024-01-04 14:48 – Updated: 2024-09-04 20:30
VLAI?
Summary
SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the electron application are now being parsed and sanitized properly.
Severity ?
8.8 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SideQuestVR | SideQuest |
Affected:
< 0.10.35
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:35.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/SideQuestVR/SideQuest/security/advisories/GHSA-3v86-cf9q-x4x7",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/SideQuestVR/SideQuest/security/advisories/GHSA-3v86-cf9q-x4x7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21625",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-13T18:57:51.463810Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T20:30:54.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SideQuest",
"vendor": "SideQuestVR",
"versions": [
{
"status": "affected",
"version": "\u003c 0.10.35"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the electron application are now being parsed and sanitized properly."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-04T14:48:34.782Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/SideQuestVR/SideQuest/security/advisories/GHSA-3v86-cf9q-x4x7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/SideQuestVR/SideQuest/security/advisories/GHSA-3v86-cf9q-x4x7"
}
],
"source": {
"advisory": "GHSA-3v86-cf9q-x4x7",
"discovery": "UNKNOWN"
},
"title": "One-click remote code execution via malicious deep link"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-21625",
"datePublished": "2024-01-04T14:48:34.782Z",
"dateReserved": "2023-12-29T03:00:44.953Z",
"dateUpdated": "2024-09-04T20:30:54.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sidequestvr:sidequest:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"0.10.35\", \"matchCriteriaId\": \"48037EDB-FCDF-432F-A461-BBBE656927E6\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the electron application are now being parsed and sanitized properly.\"}, {\"lang\": \"es\", \"value\": \"SideQuest es un lugar para conseguir aplicaciones de realidad virtual para Oculus Quest. La aplicaci\\u00f3n de escritorio SideQuest utiliza enlaces profundos con un protocolo personalizado (`sidequest://`) para activar acciones en la aplicaci\\u00f3n desde su contenido web. Debido a que, antes de la versi\\u00f3n 0.10.35, las URL de los enlaces profundos no se sanitizaban adecuadamente en todos los casos, se puede lograr una ejecuci\\u00f3n remota de c\\u00f3digo con un solo clic en los casos en que cuando un dispositivo est\\u00e1 conectado, al usuario se le presenta un enlace malicioso y hace clic en \\u00e9l. desde dentro de la aplicaci\\u00f3n. A partir de la versi\\u00f3n 0.10.35, los enlaces de protocolo personalizados dentro de la aplicaci\\u00f3n electr\\u00f3nica ahora se analizan y sanitizan correctamente.\"}]",
"id": "CVE-2024-21625",
"lastModified": "2024-11-21T08:54:45.050",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
"published": "2024-01-04T15:15:11.030",
"references": "[{\"url\": \"https://github.com/SideQuestVR/SideQuest/security/advisories/GHSA-3v86-cf9q-x4x7\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/SideQuestVR/SideQuest/security/advisories/GHSA-3v86-cf9q-x4x7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-21625\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-01-04T15:15:11.030\",\"lastModified\":\"2024-11-21T08:54:45.050\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the electron application are now being parsed and sanitized properly.\"},{\"lang\":\"es\",\"value\":\"SideQuest es un lugar para conseguir aplicaciones de realidad virtual para Oculus Quest. La aplicaci\u00f3n de escritorio SideQuest utiliza enlaces profundos con un protocolo personalizado (`sidequest://`) para activar acciones en la aplicaci\u00f3n desde su contenido web. Debido a que, antes de la versi\u00f3n 0.10.35, las URL de los enlaces profundos no se sanitizaban adecuadamente en todos los casos, se puede lograr una ejecuci\u00f3n remota de c\u00f3digo con un solo clic en los casos en que cuando un dispositivo est\u00e1 conectado, al usuario se le presenta un enlace malicioso y hace clic en \u00e9l. desde dentro de la aplicaci\u00f3n. A partir de la versi\u00f3n 0.10.35, los enlaces de protocolo personalizados dentro de la aplicaci\u00f3n electr\u00f3nica ahora se analizan y sanitizan correctamente.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sidequestvr:sidequest:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.10.35\",\"matchCriteriaId\":\"48037EDB-FCDF-432F-A461-BBBE656927E6\"}]}]}],\"references\":[{\"url\":\"https://github.com/SideQuestVR/SideQuest/security/advisories/GHSA-3v86-cf9q-x4x7\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/SideQuestVR/SideQuest/security/advisories/GHSA-3v86-cf9q-x4x7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/SideQuestVR/SideQuest/security/advisories/GHSA-3v86-cf9q-x4x7\", \"name\": \"https://github.com/SideQuestVR/SideQuest/security/advisories/GHSA-3v86-cf9q-x4x7\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T22:27:35.808Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-21625\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-13T18:57:51.463810Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-04T20:30:50.078Z\"}}], \"cna\": {\"title\": \"One-click remote code execution via malicious deep link\", \"source\": {\"advisory\": \"GHSA-3v86-cf9q-x4x7\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"SideQuestVR\", \"product\": \"SideQuest\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.10.35\"}]}], \"references\": [{\"url\": \"https://github.com/SideQuestVR/SideQuest/security/advisories/GHSA-3v86-cf9q-x4x7\", \"name\": \"https://github.com/SideQuestVR/SideQuest/security/advisories/GHSA-3v86-cf9q-x4x7\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the electron application are now being parsed and sanitized properly.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20: Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-01-04T14:48:34.782Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-21625\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-04T20:30:54.564Z\", \"dateReserved\": \"2023-12-29T03:00:44.953Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-01-04T14:48:34.782Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…