Lucene search
GitHub_MCVE-2020-15215HistoryOct 06, 2020 - 6:15 p.m.
CVE-2020-15215
2020-10-0618:15:14
CWE-693
CWE-668
GitHub_M
web.nvd.nist.gov
38
electron
context isolation
vulnerability
cve-2020-15215
nvd
security advisory
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
5.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
AI Score
5.4
Confidence
High
EPSS
0.001
Percentile
39.5%
Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both contextIsolation and sandbox: true are affected. Apps using both contextIsolation and nodeIntegrationInSubFrames: true are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.
Affected configurations
Node
electronjselectronMatch8.0.0-
ORelectronjselectronMatch8.0.0beta0
ORelectronjselectronMatch8.0.0beta1
ORelectronjselectronMatch8.0.0beta2
ORelectronjselectronMatch8.0.0beta3
ORelectronjselectronMatch8.0.0beta4
ORelectronjselectronMatch8.0.0beta5
ORelectronjselectronMatch8.0.0beta6
ORelectronjselectronMatch8.0.0beta7
ORelectronjselectronMatch8.0.0beta8
ORelectronjselectronMatch8.0.0beta9
ORelectronjselectronMatch8.0.1-
ORelectronjselectronMatch8.0.2-
ORelectronjselectronMatch8.0.3-
ORelectronjselectronMatch8.1.0-
ORelectronjselectronMatch8.1.1-
ORelectronjselectronMatch8.2.0-
ORelectronjselectronMatch8.2.1-
ORelectronjselectronMatch8.2.2-
ORelectronjselectronMatch8.2.3-
ORelectronjselectronMatch8.2.4-
ORelectronjselectronMatch8.2.5-
ORelectronjselectronMatch8.3.0-
ORelectronjselectronMatch8.3.1-
ORelectronjselectronMatch8.3.2-
ORelectronjselectronMatch8.3.3-
ORelectronjselectronMatch8.3.4-
ORelectronjselectronMatch8.4.0-
ORelectronjselectronMatch8.4.1-
ORelectronjselectronMatch8.5.0-
ORelectronjselectronMatch8.5.1-
ORelectronjselectronMatch9.0.0-
ORelectronjselectronMatch9.0.0beta0
ORelectronjselectronMatch9.0.0beta1
ORelectronjselectronMatch9.0.0beta10
ORelectronjselectronMatch9.0.0beta11
ORelectronjselectronMatch9.0.0beta12
ORelectronjselectronMatch9.0.0beta13
ORelectronjselectronMatch9.0.0beta14
ORelectronjselectronMatch9.0.0beta15
ORelectronjselectronMatch9.0.0beta16
ORelectronjselectronMatch9.0.0beta17
ORelectronjselectronMatch9.0.0beta18
ORelectronjselectronMatch9.0.0beta19
ORelectronjselectronMatch9.0.0beta2
ORelectronjselectronMatch9.0.0beta20
ORelectronjselectronMatch9.0.0beta3
ORelectronjselectronMatch9.0.0beta4
ORelectronjselectronMatch9.0.0beta5
ORelectronjselectronMatch9.0.0beta6
ORelectronjselectronMatch9.0.0beta7
ORelectronjselectronMatch9.0.0beta8
ORelectronjselectronMatch9.0.0beta9
ORelectronjselectronMatch9.0.1-
ORelectronjselectronMatch9.0.2-
ORelectronjselectronMatch9.0.3-
ORelectronjselectronMatch9.0.4-
ORelectronjselectronMatch9.0.5-
ORelectronjselectronMatch9.0.6-
ORelectronjselectronMatch9.1.0-
ORelectronjselectronMatch9.1.1-
ORelectronjselectronMatch9.1.2-
ORelectronjselectronMatch9.2.0-
ORelectronjselectronMatch9.2.1-
ORelectronjselectronMatch9.3.0-
ORelectronjselectronMatch10.0.0-
ORelectronjselectronMatch10.0.0beta1
ORelectronjselectronMatch10.0.0beta10
ORelectronjselectronMatch10.0.0beta11
ORelectronjselectronMatch10.0.0beta12
ORelectronjselectronMatch10.0.0beta13
ORelectronjselectronMatch10.0.0beta14
ORelectronjselectronMatch10.0.0beta15
ORelectronjselectronMatch10.0.0beta16
ORelectronjselectronMatch10.0.0beta17
ORelectronjselectronMatch10.0.0beta18
ORelectronjselectronMatch10.0.0beta19
ORelectronjselectronMatch10.0.0beta2
ORelectronjselectronMatch10.0.0beta20
ORelectronjselectronMatch10.0.0beta21
ORelectronjselectronMatch10.0.0beta22
ORelectronjselectronMatch10.0.0beta23
ORelectronjselectronMatch10.0.0beta24
ORelectronjselectronMatch10.0.0beta25
ORelectronjselectronMatch10.0.0beta3
ORelectronjselectronMatch10.0.0beta4
ORelectronjselectronMatch10.0.0beta5
ORelectronjselectronMatch10.0.0beta6
ORelectronjselectronMatch10.0.0beta7
ORelectronjselectronMatch10.0.0beta8
ORelectronjselectronMatch10.0.0beta9
ORelectronjselectronMatch10.0.1-
ORelectronjselectronMatch10.1.0-
ORelectronjselectronMatch10.1.1-
ORelectronjselectronMatch11.0.0beta0
ORelectronjselectronMatch11.0.0beta1
ORelectronjselectronMatch11.0.0beta2
ORelectronjselectronMatch11.0.0beta3
ORelectronjselectronMatch11.0.0beta4
ORelectronjselectronMatch11.0.0beta5
| Vendor | Product | Version | CPE |
|---|---|---|---|
| electronjs | electron | 8.0.0 | cpe:2.3:a:electronjs:electron:8.0.0:-:*:*:*:*:*:* |
| electronjs | electron | 8.0.0 | cpe:2.3:a:electronjs:electron:8.0.0:beta0:*:*:*:*:*:* |
| electronjs | electron | 8.0.0 | cpe:2.3:a:electronjs:electron:8.0.0:beta1:*:*:*:*:*:* |
| electronjs | electron | 8.0.0 | cpe:2.3:a:electronjs:electron:8.0.0:beta2:*:*:*:*:*:* |
| electronjs | electron | 8.0.0 | cpe:2.3:a:electronjs:electron:8.0.0:beta3:*:*:*:*:*:* |
| electronjs | electron | 8.0.0 | cpe:2.3:a:electronjs:electron:8.0.0:beta4:*:*:*:*:*:* |
| electronjs | electron | 8.0.0 | cpe:2.3:a:electronjs:electron:8.0.0:beta5:*:*:*:*:*:* |
| electronjs | electron | 8.0.0 | cpe:2.3:a:electronjs:electron:8.0.0:beta6:*:*:*:*:*:* |
| electronjs | electron | 8.0.0 | cpe:2.3:a:electronjs:electron:8.0.0:beta7:*:*:*:*:*:* |
| electronjs | electron | 8.0.0 | cpe:2.3:a:electronjs:electron:8.0.0:beta8:*:*:*:*:*:* |
CNA Affected
[
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": ">= 8.0.0-beta.0, < 8.5.2"
},
{
"status": "affected",
"version": ">= 9.0.0-beta.0, < 9.3.1"
},
{
"status": "affected",
"version": ">= 10.0.0-beta.0, < 10.1.2"
},
{
"status": "affected",
"version": ">= 11.0.0-beta.0, < 11.0.0-beta.6"
}
]
}
]Related
cvelist
cvelist
CVE-2020-15215 Context isolation bypass in Electron
2020-10-06 18:00:17
prion
prion
Design/Logic Flaw
2020-10-06 18:15:00
osv
osv
Context isolation bypass in Electron
2020-10-06 17:46:40
CVE-2020-15215
2020-10-06 18:15:14
nvd
nvd
CVE-2020-15215
2020-10-06 18:15:14
veracode
veracode
Sandbox Restrictions Bypass
2020-10-07 05:04:37
github
github
Context isolation bypass in Electron
2020-10-06 17:46:40
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
5.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
AI Score
5.4
Confidence
High
EPSS
0.001
Percentile
39.5%
Related for CVE-2020-15215