Lucene search

[email protected]NVD:CVE-2020-15096

HistoryJul 07, 2020 - 12:15 a.m.

CVE-2020-15096

2020-07-0700:15:10

CWE-501

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

EPSS

0.001

Percentile

22.7%

JSON

In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using “contextIsolation” are affected. There are no app-side workarounds, you must update your Electron version to be protected. This is fixed in versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21.

Affected configurations

Nvd

Node

electronjselectronRange<6.1.1

electronjselectronRange7.0.0–7.2.4

electronjselectronRange8.0.0–8.2.4

electronjselectronMatch9.0.0-

electronjselectronMatch9.0.0beta1

electronjselectronMatch9.0.0beta10

electronjselectronMatch9.0.0beta11

electronjselectronMatch9.0.0beta12

electronjselectronMatch9.0.0beta13

electronjselectronMatch9.0.0beta14

electronjselectronMatch9.0.0beta15

electronjselectronMatch9.0.0beta16

electronjselectronMatch9.0.0beta17

electronjselectronMatch9.0.0beta18

electronjselectronMatch9.0.0beta19

electronjselectronMatch9.0.0beta2

electronjselectronMatch9.0.0beta20

electronjselectronMatch9.0.0beta3

electronjselectronMatch9.0.0beta4

electronjselectronMatch9.0.0beta5

electronjselectronMatch9.0.0beta6

electronjselectronMatch9.0.0beta7

electronjselectronMatch9.0.0beta8

electronjselectronMatch9.0.0beta9

VendorProductVersionCPE
electronjselectron*cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*
electronjselectron9.0.0cpe:2.3:a:electronjs:electron:9.0.0:-:*:*:*:*:*:*
electronjselectron9.0.0cpe:2.3:a:electronjs:electron:9.0.0:beta1:*:*:*:*:*:*
electronjselectron9.0.0cpe:2.3:a:electronjs:electron:9.0.0:beta10:*:*:*:*:*:*
electronjselectron9.0.0cpe:2.3:a:electronjs:electron:9.0.0:beta11:*:*:*:*:*:*
electronjselectron9.0.0cpe:2.3:a:electronjs:electron:9.0.0:beta12:*:*:*:*:*:*
electronjselectron9.0.0cpe:2.3:a:electronjs:electron:9.0.0:beta13:*:*:*:*:*:*
electronjselectron9.0.0cpe:2.3:a:electronjs:electron:9.0.0:beta14:*:*:*:*:*:*
electronjselectron9.0.0cpe:2.3:a:electronjs:electron:9.0.0:beta15:*:*:*:*:*:*
electronjselectron9.0.0cpe:2.3:a:electronjs:electron:9.0.0:beta16:*:*:*:*:*:*

Vendor	Product	Version	CPE
electronjs	electron	*	cpe:2.3:a:electronjs:electron::::::::
electronjs	electron	9.0.0	cpe:2.3:a:electronjs:electron:9.0.0:-::::::
electronjs	electron	9.0.0	cpe:2.3:a:electronjs:electron:9.0.0:beta1::::::
electronjs	electron	9.0.0	cpe:2.3:a:electronjs:electron:9.0.0:beta10::::::
electronjs	electron	9.0.0	cpe:2.3:a:electronjs:electron:9.0.0:beta11::::::
electronjs	electron	9.0.0	cpe:2.3:a:electronjs:electron:9.0.0:beta12::::::
electronjs	electron	9.0.0	cpe:2.3:a:electronjs:electron:9.0.0:beta13::::::
electronjs	electron	9.0.0	cpe:2.3:a:electronjs:electron:9.0.0:beta14::::::
electronjs	electron	9.0.0	cpe:2.3:a:electronjs:electron:9.0.0:beta15::::::
electronjs	electron	9.0.0	cpe:2.3:a:electronjs:electron:9.0.0:beta16::::::

Rows per page:

1-10 of 221

References

github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg

www.electronjs.org/releases/stable?page=3#release-notes-for-v824

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

EPSS

0.001

Percentile

22.7%

JSON

Related for NVD:CVE-2020-15096

cve1 osv2 cvelist1 veracode1 prion1 github1