Insufficient Verification Of Data Authenticity

2023-12-0409:15:57

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

electron

vulnerability

data authenticity

macos

filesystem

injection

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.7%

JSON

electron is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses on MacOS systems. An attacker is able to inject malicious code or modify app behavior if they have write access to the .app bundle filesystem.

CPENameOperatorVersion
electronle25.8.0
electronle27.0.0-alpha.6
electronle24.8.2
electronle22.3.23
electronle26.2.0
electronle25.8.0
electronle27.0.0-alpha.6
electronle24.8.2
electronle22.3.23
electronle26.2.0

Name	Operator	Version
electron	le	25.8.0
electron	le	27.0.0-alpha.6
electron	le	24.8.2
electron	le	22.3.23
electron	le	26.2.0
electron	le	25.8.0
electron	le	27.0.0-alpha.6
electron	le	24.8.2
electron	le	22.3.23
electron	le	26.2.0