fkie_cve-2020-4075
Vulnerability from fkie_nvd
Published
2020-07-07 00:15
Modified
2024-11-21 05:32
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `options` is not something you expect. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/electron/electron/security/advisories/GHSA-f9mq-jph6-9mhm | Third Party Advisory | |
| security-advisories@github.com | https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/electron/electron/security/advisories/GHSA-f9mq-jph6-9mhm | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B52CBB9A-2E1B-4ED7-8DAD-33B5CD063D45",
"versionEndExcluding": "7.2.4",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31A476AD-CF63-41DE-8B71-7CB8CB828BA7",
"versionEndExcluding": "8.2.4",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "87556FB9-4AEC-4C3A-8DF6-4480728C8605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FB793B7F-1C9D-445D-A849-CB28577CA760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "0C340AA9-8D81-4927-9447-DFCF0DD385AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "D8DF366B-644E-4C43-9DF1-37F1ADD36532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "BAC64CED-4F36-4667-B909-4265DDEBDA3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "17574861-A808-406A-9B0D-403AD99EA160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "79CB734A-05B3-4388-BD8F-ECD3FD699D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "7E0E7E72-B138-4E09-BEE0-219643377314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "B19F82AA-3660-4AC5-920E-7E36534ADF36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "29850E51-1EB9-4E9E-9AAC-ACAC12CDCAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "84544C05-24A7-4CDE-B6E1-EC05B6CD9836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "A8AF3443-F01C-407F-BEE2-A8E601A09211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "F962D5DC-C4EE-42C0-9BA8-C17B5ADAE178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "EB7A193D-7B1F-45F0-B385-DE8C75D7088D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "4BFFB27D-B11F-4F5B-8624-27042F8A664A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "AF67CE0D-79D8-4CCC-8152-6989D681B618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "965FE481-DC51-4123-B47A-4825E7231B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "AAC42DF7-3344-4C5C-B01A-B24F7C7FA47A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "5CA4015A-6D70-490E-AEFD-1C64F582F9DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "72B0EAB3-F11C-42B3-8F4A-3D4B652A2740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "F2F409DE-D2A1-49A6-AA57-D735F4B07D29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `options` is not something you expect. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4."
},
{
"lang": "es",
"value": "En Electron antes de las versiones 7.2.4, 8.2.4 y 9.0.0-beta21, una lectura arbitraria de archivos locales es posible al definir opciones de ventana no seguras en una ventana secundaria abierta por medio de window.open. Como soluci\u00f3n alternativa, aseg\u00farense de llamar a la funci\u00f3n \"event.preventDefault()\" en todos los eventos de ventanas nuevas donde la \"url\" u \"options\" no es algo que se espera. Esto es corregido en las versiones 9.0.0-beta.21, 8.2.4 y 7.2.4"
}
],
"id": "CVE-2020-4075",
"lastModified": "2024-11-21T05:32:15.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-07T00:15:10.513",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-f9mq-jph6-9mhm"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-f9mq-jph6-9mhm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.