Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-15215 (GCVE-0-2020-15215)
Vulnerability from cvelistv5 – Published: 2020-10-06 18:00 – Updated: 2024-08-04 13:08
VLAI?
EPSS
Title
Context isolation bypass in Electron
Summary
Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.
Severity ?
5.6 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:22.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003e= 8.0.0-beta.0, \u003c 8.5.2"
},
{
"status": "affected",
"version": "\u003e= 9.0.0-beta.0, \u003c 9.3.1"
},
{
"status": "affected",
"version": "\u003e= 10.0.0-beta.0, \u003c 10.1.2"
},
{
"status": "affected",
"version": "\u003e= 11.0.0-beta.0, \u003c 11.0.0-beta.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668 Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-06T18:00:17.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8"
}
],
"source": {
"advisory": "GHSA-56pc-6jqp-xqj8",
"discovery": "UNKNOWN"
},
"title": "Context isolation bypass in Electron",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15215",
"STATE": "PUBLIC",
"TITLE": "Context isolation bypass in Electron"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "electron",
"version": {
"version_data": [
{
"version_value": "\u003e= 8.0.0-beta.0, \u003c 8.5.2"
},
{
"version_value": "\u003e= 9.0.0-beta.0, \u003c 9.3.1"
},
{
"version_value": "\u003e= 10.0.0-beta.0, \u003c 10.1.2"
},
{
"version_value": "\u003e= 11.0.0-beta.0, \u003c 11.0.0-beta.6"
}
]
}
}
]
},
"vendor_name": "electron"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-693 Protection Mechanism Failure"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-668 Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8"
}
]
},
"source": {
"advisory": "GHSA-56pc-6jqp-xqj8",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15215",
"datePublished": "2020-10-06T18:00:17.000Z",
"dateReserved": "2020-06-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:08:22.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2020-15215
Vulnerability from fkie_nvd - Published: 2020-10-06 18:15 - Updated: 2024-11-21 05:05
Severity ?
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "6F890386-0034-4831-88D2-FDAFCD7F0E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta0:*:*:*:*:*:*",
"matchCriteriaId": "CAE00E66-4F55-4A96-9AF6-DF0212A57052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "B080C8F3-3715-4FB1-AFB0-D43D498AC010",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF0D930E-1018-46EB-8002-C73A97EF902D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "ED9C844C-14ED-4371-BE21-16EC7F7824E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "AF26C943-D81E-45EA-902D-62C9973AC8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "907D7F4B-BFA1-43D7-87A7-771D8CAA5637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B8B505B2-E756-4621-80F8-D59B0AB567BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "AF99DB03-5FC2-4FD9-9C18-F18F03FC7A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "21851053-E851-4B7D-924F-602077DFE071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "B48F49CE-4D63-454A-92B0-51655F5473A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "B07BDAF8-F28F-4B1C-B135-BDB0322289D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "9E19D2FD-F800-4966-A3F8-11FC843089BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.3:-:*:*:*:*:*:*",
"matchCriteriaId": "11F9629D-D8EB-418A-BDD4-AF21034CF665",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "9A97B7D2-5A5A-4C2F-9926-0CFAEA12D33A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.1.1:-:*:*:*:*:*:*",
"matchCriteriaId": "0E4FD779-32BF-43E0-99F0-C6B3E084D83D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D4010776-46D9-4E73-B2BC-6A736E0D192D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.2.1:-:*:*:*:*:*:*",
"matchCriteriaId": "68C4E052-46E3-4152-B95A-A8C26330AA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.2.2:-:*:*:*:*:*:*",
"matchCriteriaId": "F03D63BE-0BB0-4492-9CED-AB97454257D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.2.3:-:*:*:*:*:*:*",
"matchCriteriaId": "68489F71-36D5-4947-94CF-740D70028948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.2.4:-:*:*:*:*:*:*",
"matchCriteriaId": "14AC17C6-3780-4779-A95A-1DAAD799FE3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.2.5:-:*:*:*:*:*:*",
"matchCriteriaId": "E0B61270-F062-4286-BFE4-D90251264B41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "97237970-8734-45F5-A77C-71E9189FEB15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.3.1:-:*:*:*:*:*:*",
"matchCriteriaId": "7482B3C9-3568-4E7F-B4B9-85E1ABD96A1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "5D4D6ACF-8EB1-4058-9052-055C151D066E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.3.3:-:*:*:*:*:*:*",
"matchCriteriaId": "3A9B536A-1CDD-414C-8C49-11466C7A131A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.3.4:-:*:*:*:*:*:*",
"matchCriteriaId": "43C61192-2258-466B-B222-225C99983355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D3D2AA53-DCC7-40F9-9BA6-BC27B73EACC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.4.1:-:*:*:*:*:*:*",
"matchCriteriaId": "B022C207-380A-4D1F-B710-F97AD68EB62D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CA36A42A-5DFE-4A92-B9E9-E2FAB651439D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "75B4DDBC-A3B3-4A5A-9D13-177D8E7459CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "87556FB9-4AEC-4C3A-8DF6-4480728C8605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta0:*:*:*:*:*:*",
"matchCriteriaId": "935D2315-3FF2-4402-8A83-A7362939E7AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FB793B7F-1C9D-445D-A849-CB28577CA760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "0C340AA9-8D81-4927-9447-DFCF0DD385AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "D8DF366B-644E-4C43-9DF1-37F1ADD36532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "BAC64CED-4F36-4667-B909-4265DDEBDA3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "17574861-A808-406A-9B0D-403AD99EA160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "79CB734A-05B3-4388-BD8F-ECD3FD699D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "7E0E7E72-B138-4E09-BEE0-219643377314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "B19F82AA-3660-4AC5-920E-7E36534ADF36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "29850E51-1EB9-4E9E-9AAC-ACAC12CDCAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "84544C05-24A7-4CDE-B6E1-EC05B6CD9836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "A8AF3443-F01C-407F-BEE2-A8E601A09211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "F962D5DC-C4EE-42C0-9BA8-C17B5ADAE178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "EB7A193D-7B1F-45F0-B385-DE8C75D7088D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "4BFFB27D-B11F-4F5B-8624-27042F8A664A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "AF67CE0D-79D8-4CCC-8152-6989D681B618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "965FE481-DC51-4123-B47A-4825E7231B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "AAC42DF7-3344-4C5C-B01A-B24F7C7FA47A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "5CA4015A-6D70-490E-AEFD-1C64F582F9DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "72B0EAB3-F11C-42B3-8F4A-3D4B652A2740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "F2F409DE-D2A1-49A6-AA57-D735F4B07D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "E9F2D5B4-8BE8-4225-ABE7-385E6E796EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "EC5FA64D-C502-43B2-AE3A-60900B938441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.3:-:*:*:*:*:*:*",
"matchCriteriaId": "994B6421-EFF6-43E6-AF93-1ED493DD33D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.4:-:*:*:*:*:*:*",
"matchCriteriaId": "EFD0253D-47B6-4412-B1F4-4AD53636C903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.5:-:*:*:*:*:*:*",
"matchCriteriaId": "96EDD4F1-A756-4937-A792-FFA60774F131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.6:-:*:*:*:*:*:*",
"matchCriteriaId": "7C0AAB78-7E51-4E68-A64F-3E65346B87F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3CF98CC1-9B45-463A-B342-763B2B35FCCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.1.1:-:*:*:*:*:*:*",
"matchCriteriaId": "AC3A997F-4F2A-461E-A740-EF740F427034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.1.2:-:*:*:*:*:*:*",
"matchCriteriaId": "203B5D41-86AE-4EB1-9623-201CE0259E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A6BA120D-1953-470A-9022-8C1365FDA033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.2.1:-:*:*:*:*:*:*",
"matchCriteriaId": "0A544F21-ABCA-41A5-9D7A-0D19B2E3E41C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "6E3FB9AC-A471-461C-9C2D-3FEA3487A8F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F91413A0-0820-4714-BF94-16FC961CC9F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "325AEE66-5BB3-4317-904C-CAEF33DA34F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "FD4B098E-D71A-4770-8A80-75FFCDE5E3A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "D31F3B77-B1FA-4AF6-B78B-3591F0C34A7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "9A888965-E6AF-4514-83FE-9BFD098A601B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "D3C4D65F-592A-4BB6-8C76-2157AB4C2B21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "94ECDC48-11AC-45AA-9A4D-E24DB7713799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "806D6913-2852-406A-AF46-E5C7FE62C739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "5EF21A1C-3BDF-40CB-9BAD-9192BBC845C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "7E63CACD-F4D7-42C5-97AC-295FEF4DEDCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "54D63BBE-11E5-4E25-BFF3-368653FAD8C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "24071397-1BE9-42BC-8BE4-AA3E898BE02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "B72266CF-A2BE-4C6A-B7AB-9110C2672758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "747441F0-DD8C-47FD-B13C-6FEAFE79A160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta21:*:*:*:*:*:*",
"matchCriteriaId": "DEFD1B8C-7777-42C1-BE27-1BC54CF7C65E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta22:*:*:*:*:*:*",
"matchCriteriaId": "70F61C9A-104E-47E3-A46D-198651075460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta23:*:*:*:*:*:*",
"matchCriteriaId": "8DB5AC65-DCFA-4549-B08B-77AAAAC9248E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta24:*:*:*:*:*:*",
"matchCriteriaId": "3DB704A9-DD31-400E-A4EE-1A32D0D415D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta25:*:*:*:*:*:*",
"matchCriteriaId": "FE4B1A04-EBB1-4C3E-9CE0-5CD487F27303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "782AD115-2503-4663-9DBC-64DC82C363CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "C75A9CD8-0E3B-44CF-A828-A5DDD6EBD8B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "9655B40F-53E5-4F7D-8D8D-85FCFDC3B1FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "2419A888-4BF2-4548-8ACA-9550B276247E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "353F51BC-7627-48C3-AFBD-E287D7FC9DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "95FE3E21-1A8A-45D6-B797-903F4D24A460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "BECA8D37-A00D-4CBA-9195-DAFA9CFE951D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "56DE863F-2D6B-482D-9445-3AA76DCD9B77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "C1480FDF-4A57-4C08-A497-69010747562D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.1.1:-:*:*:*:*:*:*",
"matchCriteriaId": "37690A80-D6EC-40FA-ADE2-55B4011FB5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta0:*:*:*:*:*:*",
"matchCriteriaId": "EE8836CC-F620-4C83-A398-D2068FECB5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "6B056B81-3764-49FB-A3C3-EA9B3FB763D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E8D7AA38-6CE2-4DEC-85BE-6329F37800FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "17001FC8-E8BF-4FB3-B619-598AEBEB3351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "C662DF3F-FB51-4B87-9133-528B921599E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "F91CE004-5775-4A85-AE15-79928DC4F8F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions."
},
{
"lang": "es",
"value": "Electron anteriores a las versiones 11.0.0-beta.6, 10.1.2, 9.3.1 o 8.5.2, es vulnerable a una omisi\u00f3n de aislamiento de contexto.\u0026#xa0;Las aplicaciones que usan tanto \"contextIsolation\" como \"sandbox: true\" est\u00e1n afectadas.\u0026#xa0;Las aplicaciones que usan \"contextIsolation\" y \"nodeIntegrationInSubFrames: true\" est\u00e1n afectadas.\u0026#xa0;Esta es una omisi\u00f3n de aislamiento de contexto, lo que significa que el c\u00f3digo que se ejecuta en el contexto main world en el renderizador puede llegar al contexto de Electron aislado y realizar acciones privilegiadas"
}
],
"id": "CVE-2020-15215",
"lastModified": "2024-11-21T05:05:06.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-06T18:15:14.797",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
},
{
"lang": "en",
"value": "CWE-693"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-56PC-6JQP-XQJ8
Vulnerability from github – Published: 2020-10-06 17:46 – Updated: 2021-01-07 22:51
VLAI?
Summary
Context isolation bypass in Electron
Details
Impact
Apps using both contextIsolation and sandbox: true are affected.
Apps using both contextIsolation and nativeWindowOpen: true are affected.
This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.
Workarounds
There are no app-side workarounds, you must update your Electron version to be protected.
Fixed Versions
11.0.0-beta.610.1.29.3.18.5.2
For more information
If you have any questions or comments about this advisory: * Email us at security@electronjs.org
Severity ?
5.6 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "electron"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0-beta.0"
},
{
"fixed": "8.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "electron"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0-beta.0"
},
{
"fixed": "9.3.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "electron"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0-beta.0"
},
{
"fixed": "10.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 11.0.0-beta.5"
},
"package": {
"ecosystem": "npm",
"name": "electron"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0-beta.0"
},
{
"fixed": "11.0.0-beta.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-15215"
],
"database_specific": {
"cwe_ids": [
"CWE-668",
"CWE-693"
],
"github_reviewed": true,
"github_reviewed_at": "2020-10-06T17:46:06Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "### Impact\nApps using both `contextIsolation` and `sandbox: true` are affected.\nApps using both `contextIsolation` and `nativeWindowOpen: true` are affected.\n\nThis is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.\n\n### Workarounds\nThere are no app-side workarounds, you must update your Electron version to be protected.\n\n### Fixed Versions\n* `11.0.0-beta.6`\n* `10.1.2`\n* `9.3.1`\n* `8.5.2`\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at [security@electronjs.org](mailto:security@electronjs.org)",
"id": "GHSA-56pc-6jqp-xqj8",
"modified": "2021-01-07T22:51:36Z",
"published": "2020-10-06T17:46:40Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15215"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Context isolation bypass in Electron"
}
GSD-2020-15215
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-15215",
"description": "Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.",
"id": "GSD-2020-15215"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-15215"
],
"details": "Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.",
"id": "GSD-2020-15215",
"modified": "2023-12-13T01:21:43.517883Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15215",
"STATE": "PUBLIC",
"TITLE": "Context isolation bypass in Electron"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "electron",
"version": {
"version_data": [
{
"version_value": "\u003e= 8.0.0-beta.0, \u003c 8.5.2"
},
{
"version_value": "\u003e= 9.0.0-beta.0, \u003c 9.3.1"
},
{
"version_value": "\u003e= 10.0.0-beta.0, \u003c 10.1.2"
},
{
"version_value": "\u003e= 11.0.0-beta.0, \u003c 11.0.0-beta.6"
}
]
}
}
]
},
"vendor_name": "electron"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-693 Protection Mechanism Failure"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-668 Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8"
}
]
},
"source": {
"advisory": "GHSA-56pc-6jqp-xqj8",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=8.0.0 \u003c=8.0.3||\u003e=8.1.0 \u003c=8.1.1||\u003e=8.2.0 \u003c=8.2.5||\u003e=8.3.0 \u003c=8.3.4||\u003e=8.4.0 \u003c=8.4.1||\u003e=8.5.0 \u003c=8.5.1||\u003e=9.0.0 \u003c=9.0.6||\u003e=9.1.0 \u003c=9.1.2||\u003e=9.2.0 \u003c=9.2.1||=9.3.0||\u003e=10.0.0 \u003c=10.0.1||\u003e=10.1.0 \u003c=10.1.1||=11.0.0",
"affected_versions": "All versions starting from 8.0.0 up to 8.0.3, all versions starting from 8.1.0 up to 8.1.1, all versions starting from 8.2.0 up to 8.2.5, all versions starting from 8.3.0 up to 8.3.4, all versions starting from 8.4.0 up to 8.4.1, all versions starting from 8.5.0 up to 8.5.1, all versions starting from 9.0.0 up to 9.0.6, all versions starting from 9.1.0 up to 9.1.2, all versions starting from 9.2.0 up to 9.2.1, version 9.3.0, all versions starting from 10.0.0 up to 10.0.1, all versions starting from 10.1.0 up to 10.1.1, version 11.0.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-668",
"CWE-693",
"CWE-937"
],
"date": "2020-10-19",
"description": "Electron is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.",
"fixed_versions": [
"8.5.2",
"9.3.1",
"10.1.2"
],
"identifier": "CVE-2020-15215",
"identifiers": [
"CVE-2020-15215",
"GHSA-56pc-6jqp-xqj8"
],
"not_impacted": "All versions before 8.0.0, all versions after 8.0.3 before 8.1.0, all versions after 8.1.1 before 8.2.0, all versions after 8.2.5 before 8.3.0, all versions after 8.3.4 before 8.4.0, all versions after 8.4.1 before 8.5.0, all versions after 8.5.1 before 9.0.0, all versions after 9.0.6 before 9.1.0, all versions after 9.1.2 before 9.2.0, all versions after 9.2.1 before 9.3.0, all versions after 9.3.0 before 10.0.0, all versions after 10.0.1 before 10.1.0, all versions after 10.1.1 before 11.0.0, all versions after 11.0.0",
"package_slug": "npm/electron",
"pubdate": "2020-10-06",
"solution": "Upgrade to versions 8.5.2, 9.3.1, 10.1.2 or above.",
"title": "Exposure of Resource to Wrong Sphere",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-15215"
],
"uuid": "18a5537f-204f-40db-a442-0e3363f94de2"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.0.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.0.0:beta0:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.0.0:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.0.0:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.0.0:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.0.0:beta4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.0.0:beta5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.0.0:beta6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.0.0:beta7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.0.0:beta8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.0.0:beta9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.0.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.0.2:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.0.3:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.1.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.1.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.2.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.2.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.2.2:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.2.3:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.2.4:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.2.5:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.3.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.3.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.3.2:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.3.3:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.3.4:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.4.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.4.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.5.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:8.5.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.0.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.0.0:beta0:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.0.0:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.0.0:beta10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.0.0:beta11:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.0.0:beta12:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.0.0:beta13:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.0.0:beta14:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.0.0:beta15:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.0.0:beta16:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.0.0:beta17:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.0.0:beta18:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.0.0:beta19:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.0.0:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.0.0:beta20:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.0.0:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.0.0:beta4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.0.0:beta5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.0.0:beta6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.0.0:beta7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.0.0:beta8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.0.0:beta9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.0.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.0.2:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.0.3:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.0.4:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.0.5:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.0.6:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.1.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.1.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.1.2:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.2.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.2.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:9.3.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.0.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.0.0:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.0.0:beta10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.0.0:beta11:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.0.0:beta12:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.0.0:beta13:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.0.0:beta14:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.0.0:beta15:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.0.0:beta16:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.0.0:beta17:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.0.0:beta18:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.0.0:beta19:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.0.0:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.0.0:beta20:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.0.0:beta21:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.0.0:beta22:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.0.0:beta23:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.0.0:beta24:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.0.0:beta25:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.0.0:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.0.0:beta4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.0.0:beta5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.0.0:beta6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.0.0:beta7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.0.0:beta8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.0.0:beta9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.0.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.1.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:10.1.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:11.0.0:beta0:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:11.0.0:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:11.0.0:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:11.0.0:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:11.0.0:beta4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:electronjs:electron:11.0.0:beta5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15215"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-693"
},
{
"lang": "en",
"value": "CWE-668"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4
}
},
"lastModifiedDate": "2020-10-19T14:09Z",
"publishedDate": "2020-10-06T18:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…