CVE-2022-36077
November 08, 2022
The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, Electron is vulnerable to Exposure of Sensitive Information. When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file are not available to the renderer following the redirect, but if the redirect target is an SMB URL such as "file://some.website.com/", then in some cases Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.
This issue has been patched in versions 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7. Users are recommended to upgrade to the latest stable version of Electron. If upgrading isn't possible, the issue can be addressed as a workaround by preventing redirects to file:// URLs in the "WebContents.on('will-redirect')" event, for all WebContents.
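One way to apply the workaround described above in the Electron main process. This is an added example, not code from the Electron project or this advisory; `isFileRedirect` and `installRedirectGuard` are hypothetical helper names, and blocking unparseable targets is an assumption of the example.

```javascript
// Added example: main-process guard for the 'will-redirect' workaround.
// isFileRedirect and installRedirectGuard are hypothetical helper names.

// True when a redirect target uses the file: scheme, which covers both local
// paths (file:///C:/...) and SMB-style hosts (file://some.website.com/).
function isFileRedirect(targetUrl) {
  try {
    // The WHATWG URL parser lower-cases the scheme, so FILE:// also matches.
    return new URL(targetUrl).protocol === 'file:';
  } catch (err) {
    // Assumption of this example: fail closed on an unparseable target.
    return true;
  }
}

// Attach the check to every WebContents the app creates, since the
// workaround has to cover all WebContents, not only the main window.
function installRedirectGuard(app, log = console.warn) {
  app.on('web-contents-created', (_event, contents) => {
    contents.on('will-redirect', (event, targetUrl) => {
      if (isFileRedirect(targetUrl)) {
        event.preventDefault(); // cancel the redirect before it is followed
        log(`Blocked redirect to file URL: ${targetUrl}`);
      }
    });
  });
}

// Only wire it up when actually running inside an Electron main process.
if (typeof process !== 'undefined' && process.versions.electron) {
  installRedirectGuard(require('electron').app);
}
```

Register the guard at the top of the main script, before any window is created, because `web-contents-created` only fires for WebContents created after the listener is attached.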
Affected Packages
electron (NPM):
Affected version(s) >=20.0.0-beta.1 <20.0.1
Fix Suggestion: Update to version 20.0.1
electron (NPM):
Affected version(s) >=0.1.0 <18.3.7
Fix Suggestion: Update to version 18.3.7
electron (NPM):
Affected version(s) >=19.0.0-beta.1 <19.0.11
Fix Suggestion: Update to version 19.0.11
Additional Notes
The description of this vulnerability differs from MITRE.
CVSS v4
Base Score: 6.9
Attack Vector: NETWORK
Attack Complexity: LOW
Attack Requirements: NONE
Privileges Required: NONE
User Interaction: NONE
Vulnerable System Confidentiality: LOW
Vulnerable System Integrity: NONE
Vulnerable System Availability: LOW
Subsequent System Confidentiality: LOW
Subsequent System Integrity: NONE
Subsequent System Availability: LOW
CVSS v3
Base Score: 7.2
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality: LOW
Integrity: NONE
Availability: LOW
Weakness Type (CWE)
EPSS
Base Score: 0.09