FKIE_CVE-2020-15215
Vulnerability from fkie_nvd - Published: 2020-10-06 18:15 - Updated: 2024-11-21 05:05
Severity ?
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "6F890386-0034-4831-88D2-FDAFCD7F0E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta0:*:*:*:*:*:*",
"matchCriteriaId": "CAE00E66-4F55-4A96-9AF6-DF0212A57052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "B080C8F3-3715-4FB1-AFB0-D43D498AC010",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF0D930E-1018-46EB-8002-C73A97EF902D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "ED9C844C-14ED-4371-BE21-16EC7F7824E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "AF26C943-D81E-45EA-902D-62C9973AC8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "907D7F4B-BFA1-43D7-87A7-771D8CAA5637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B8B505B2-E756-4621-80F8-D59B0AB567BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "AF99DB03-5FC2-4FD9-9C18-F18F03FC7A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "21851053-E851-4B7D-924F-602077DFE071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "B48F49CE-4D63-454A-92B0-51655F5473A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "B07BDAF8-F28F-4B1C-B135-BDB0322289D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "9E19D2FD-F800-4966-A3F8-11FC843089BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.3:-:*:*:*:*:*:*",
"matchCriteriaId": "11F9629D-D8EB-418A-BDD4-AF21034CF665",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "9A97B7D2-5A5A-4C2F-9926-0CFAEA12D33A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.1.1:-:*:*:*:*:*:*",
"matchCriteriaId": "0E4FD779-32BF-43E0-99F0-C6B3E084D83D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D4010776-46D9-4E73-B2BC-6A736E0D192D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.2.1:-:*:*:*:*:*:*",
"matchCriteriaId": "68C4E052-46E3-4152-B95A-A8C26330AA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.2.2:-:*:*:*:*:*:*",
"matchCriteriaId": "F03D63BE-0BB0-4492-9CED-AB97454257D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.2.3:-:*:*:*:*:*:*",
"matchCriteriaId": "68489F71-36D5-4947-94CF-740D70028948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.2.4:-:*:*:*:*:*:*",
"matchCriteriaId": "14AC17C6-3780-4779-A95A-1DAAD799FE3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.2.5:-:*:*:*:*:*:*",
"matchCriteriaId": "E0B61270-F062-4286-BFE4-D90251264B41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "97237970-8734-45F5-A77C-71E9189FEB15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.3.1:-:*:*:*:*:*:*",
"matchCriteriaId": "7482B3C9-3568-4E7F-B4B9-85E1ABD96A1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "5D4D6ACF-8EB1-4058-9052-055C151D066E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.3.3:-:*:*:*:*:*:*",
"matchCriteriaId": "3A9B536A-1CDD-414C-8C49-11466C7A131A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.3.4:-:*:*:*:*:*:*",
"matchCriteriaId": "43C61192-2258-466B-B222-225C99983355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D3D2AA53-DCC7-40F9-9BA6-BC27B73EACC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.4.1:-:*:*:*:*:*:*",
"matchCriteriaId": "B022C207-380A-4D1F-B710-F97AD68EB62D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CA36A42A-5DFE-4A92-B9E9-E2FAB651439D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "75B4DDBC-A3B3-4A5A-9D13-177D8E7459CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "87556FB9-4AEC-4C3A-8DF6-4480728C8605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta0:*:*:*:*:*:*",
"matchCriteriaId": "935D2315-3FF2-4402-8A83-A7362939E7AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FB793B7F-1C9D-445D-A849-CB28577CA760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "0C340AA9-8D81-4927-9447-DFCF0DD385AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "D8DF366B-644E-4C43-9DF1-37F1ADD36532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "BAC64CED-4F36-4667-B909-4265DDEBDA3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "17574861-A808-406A-9B0D-403AD99EA160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "79CB734A-05B3-4388-BD8F-ECD3FD699D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "7E0E7E72-B138-4E09-BEE0-219643377314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "B19F82AA-3660-4AC5-920E-7E36534ADF36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "29850E51-1EB9-4E9E-9AAC-ACAC12CDCAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "84544C05-24A7-4CDE-B6E1-EC05B6CD9836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "A8AF3443-F01C-407F-BEE2-A8E601A09211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "F962D5DC-C4EE-42C0-9BA8-C17B5ADAE178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "EB7A193D-7B1F-45F0-B385-DE8C75D7088D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "4BFFB27D-B11F-4F5B-8624-27042F8A664A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "AF67CE0D-79D8-4CCC-8152-6989D681B618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "965FE481-DC51-4123-B47A-4825E7231B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "AAC42DF7-3344-4C5C-B01A-B24F7C7FA47A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "5CA4015A-6D70-490E-AEFD-1C64F582F9DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "72B0EAB3-F11C-42B3-8F4A-3D4B652A2740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "F2F409DE-D2A1-49A6-AA57-D735F4B07D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "E9F2D5B4-8BE8-4225-ABE7-385E6E796EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "EC5FA64D-C502-43B2-AE3A-60900B938441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.3:-:*:*:*:*:*:*",
"matchCriteriaId": "994B6421-EFF6-43E6-AF93-1ED493DD33D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.4:-:*:*:*:*:*:*",
"matchCriteriaId": "EFD0253D-47B6-4412-B1F4-4AD53636C903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.5:-:*:*:*:*:*:*",
"matchCriteriaId": "96EDD4F1-A756-4937-A792-FFA60774F131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.6:-:*:*:*:*:*:*",
"matchCriteriaId": "7C0AAB78-7E51-4E68-A64F-3E65346B87F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3CF98CC1-9B45-463A-B342-763B2B35FCCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.1.1:-:*:*:*:*:*:*",
"matchCriteriaId": "AC3A997F-4F2A-461E-A740-EF740F427034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.1.2:-:*:*:*:*:*:*",
"matchCriteriaId": "203B5D41-86AE-4EB1-9623-201CE0259E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A6BA120D-1953-470A-9022-8C1365FDA033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.2.1:-:*:*:*:*:*:*",
"matchCriteriaId": "0A544F21-ABCA-41A5-9D7A-0D19B2E3E41C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "6E3FB9AC-A471-461C-9C2D-3FEA3487A8F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F91413A0-0820-4714-BF94-16FC961CC9F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "325AEE66-5BB3-4317-904C-CAEF33DA34F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "FD4B098E-D71A-4770-8A80-75FFCDE5E3A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "D31F3B77-B1FA-4AF6-B78B-3591F0C34A7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "9A888965-E6AF-4514-83FE-9BFD098A601B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "D3C4D65F-592A-4BB6-8C76-2157AB4C2B21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "94ECDC48-11AC-45AA-9A4D-E24DB7713799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "806D6913-2852-406A-AF46-E5C7FE62C739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "5EF21A1C-3BDF-40CB-9BAD-9192BBC845C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "7E63CACD-F4D7-42C5-97AC-295FEF4DEDCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "54D63BBE-11E5-4E25-BFF3-368653FAD8C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "24071397-1BE9-42BC-8BE4-AA3E898BE02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "B72266CF-A2BE-4C6A-B7AB-9110C2672758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "747441F0-DD8C-47FD-B13C-6FEAFE79A160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta21:*:*:*:*:*:*",
"matchCriteriaId": "DEFD1B8C-7777-42C1-BE27-1BC54CF7C65E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta22:*:*:*:*:*:*",
"matchCriteriaId": "70F61C9A-104E-47E3-A46D-198651075460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta23:*:*:*:*:*:*",
"matchCriteriaId": "8DB5AC65-DCFA-4549-B08B-77AAAAC9248E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta24:*:*:*:*:*:*",
"matchCriteriaId": "3DB704A9-DD31-400E-A4EE-1A32D0D415D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta25:*:*:*:*:*:*",
"matchCriteriaId": "FE4B1A04-EBB1-4C3E-9CE0-5CD487F27303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "782AD115-2503-4663-9DBC-64DC82C363CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "C75A9CD8-0E3B-44CF-A828-A5DDD6EBD8B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "9655B40F-53E5-4F7D-8D8D-85FCFDC3B1FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "2419A888-4BF2-4548-8ACA-9550B276247E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "353F51BC-7627-48C3-AFBD-E287D7FC9DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "95FE3E21-1A8A-45D6-B797-903F4D24A460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "BECA8D37-A00D-4CBA-9195-DAFA9CFE951D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "56DE863F-2D6B-482D-9445-3AA76DCD9B77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "C1480FDF-4A57-4C08-A497-69010747562D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.1.1:-:*:*:*:*:*:*",
"matchCriteriaId": "37690A80-D6EC-40FA-ADE2-55B4011FB5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta0:*:*:*:*:*:*",
"matchCriteriaId": "EE8836CC-F620-4C83-A398-D2068FECB5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "6B056B81-3764-49FB-A3C3-EA9B3FB763D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E8D7AA38-6CE2-4DEC-85BE-6329F37800FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "17001FC8-E8BF-4FB3-B619-598AEBEB3351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "C662DF3F-FB51-4B87-9133-528B921599E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "F91CE004-5775-4A85-AE15-79928DC4F8F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions."
},
{
"lang": "es",
"value": "Electron anteriores a las versiones 11.0.0-beta.6, 10.1.2, 9.3.1 o 8.5.2, es vulnerable a una omisi\u00f3n de aislamiento de contexto.\u0026#xa0;Las aplicaciones que usan tanto \"contextIsolation\" como \"sandbox: true\" est\u00e1n afectadas.\u0026#xa0;Las aplicaciones que usan \"contextIsolation\" y \"nodeIntegrationInSubFrames: true\" est\u00e1n afectadas.\u0026#xa0;Esta es una omisi\u00f3n de aislamiento de contexto, lo que significa que el c\u00f3digo que se ejecuta en el contexto main world en el renderizador puede llegar al contexto de Electron aislado y realizar acciones privilegiadas"
}
],
"id": "CVE-2020-15215",
"lastModified": "2024-11-21T05:05:06.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-06T18:15:14.797",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
},
{
"lang": "en",
"value": "CWE-693"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…