CVE-2022-29247 - Vulnerability Details

Vendors	Products
Electronjs	Electron

Link	Providers
https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7

{"containers": {"cna": {"affected": [{"product": "electron", "vendor": "electron", "versions": [{"status": "affected", "version": "< 15.5.5"}, {"status": "affected", "version": ">= 16.0.0-beta.1, < 16.2.6"}, {"status": "affected", "version": ">= 17.0.0-beta.1, < 17.2.0"}, {"status": "affected", "version": ">= 18.0.0-beta.1, <= 18.0.0-beta.5"}]}], "descriptions": [{"lang": "en", "value": "Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`. The `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access. Rather, it depends on the existing sandbox setting. If an application is sandboxed, then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs, which include `ipcRenderer`. If the application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. As a workaround, ensure that all IPC message handlers appropriately validate `senderFrame`."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-668", "description": "CWE-668: Exposure of Resource to Wrong Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-13T21:05:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7"}], "source": {"advisory": "GHSA-mq8j-3h7h-p8g7", "discovery": "UNKNOWN"}, "title": "Exposure of Resource to Wrong Sphere in Electron", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-29247", "STATE": "PUBLIC", "TITLE": "Exposure of Resource to Wrong Sphere in Electron"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "electron", "version": {"version_data": [{"version_value": "< 15.5.5"}, {"version_value": ">= 16.0.0-beta.1, < 16.2.6"}, {"version_value": ">= 17.0.0-beta.1, < 17.2.0"}, {"version_value": ">= 18.0.0-beta.1, <= 18.0.0-beta.5"}]}}]}, "vendor_name": "electron"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`. The `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access. Rather, it depends on the existing sandbox setting. If an application is sandboxed, then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs, which include `ipcRenderer`. If the application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. As a workaround, ensure that all IPC message handlers appropriately validate `senderFrame`."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-668: Exposure of Resource to Wrong Sphere"}]}]}, "references": {"reference_data": [{"name": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7", "refsource": "CONFIRM", "url": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7"}]}, "source": {"advisory": "GHSA-mq8j-3h7h-p8g7", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:17:54.477Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-29247", "datePublished": "2022-06-13T21:05:10", "dateReserved": "2022-04-13T00:00:00", "dateUpdated": "2024-08-03T06:17:54.477Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*", "matchCriteriaId": "62A3846F-57BE-4ABE-A656-CA28FD62BA62", "versionEndExcluding": "15.5.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA3F2F40-BD84-4541-B5B3-5DC5DC3AEC24", "versionEndExcluding": "16.2.6", "versionStartIncluding": "16.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B4978EA-362E-46C8-A56B-4F4B47237C05", "versionEndExcluding": "17.2.0", "versionStartIncluding": "17.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "DCBD6783-12BE-4D63-B403-188943FB4F02", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "989D1505-66D5-4855-A8FA-58F9566FF7FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "E6C15DE2-CA55-4A42-8D64-C44068B24B93", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "2A4E764B-39E3-4C93-8F7F-1ACFA66FA51B", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "B67FFDE1-21D0-412E-95FB-D86A350EC9A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "04F71865-1B3E-4882-B316-87AEAEB84A9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "CF914799-7DA1-4B93-9445-1DFCD72D6A6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "3DE7DE50-D9B1-48D9-A8F8-2DF34B80BC6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "2E8C22CB-3247-47F9-8E54-F694437090ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "2C8C94BE-5D08-4563-AF15-5FC06BB679AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "987FAB5C-E1EC-4831-9AA0-FAD35A376584", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "FAF77E7D-D445-480D-BEBF-A071B58475C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "570418D1-09E9-4A39-8F19-D4ABC1788983", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "4D0F4031-84D6-4E8D-AED5-D8C1E5ED3CCD", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "F2B316FE-6214-46FA-88FF-F684DD3D53C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "D8FA77A9-A4AF-404A-B144-97A3CE679444", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "6A9DB6A0-6C09-44F9-A76B-7600E9B44CDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "470F4DB3-4AB0-402F-A18C-22A430993F3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:18.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "11BEDA0E-71FE-4D37-B06F-FA4B281CD970", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:18.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "05B3D931-5802-471E-AE40-9282CC03E4A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:18.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "56721A2E-45B2-4D19-B25D-DD8628185B97", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:18.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "577CBB14-4AEF-4CF2-B203-88055A68810D", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:18.0.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "16A23DCC-2355-4431-A452-40BC95D3164E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`. The `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access. Rather, it depends on the existing sandbox setting. If an application is sandboxed, then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs, which include `ipcRenderer`. If the application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. As a workaround, ensure that all IPC message handlers appropriately validate `senderFrame`."}, {"lang": "es", "value": "Electron es un marco de trabajo para escribir aplicaciones de escritorio multiplataforma utilizando JavaScript (JS), HTML y CSS. Una vulnerabilidad en las versiones anteriores a 18.0.0-beta.6, 17.2.0, 16.2.6 y 15.5.5 permite que un renderizador con ejecuci\u00f3n de JS obtenga acceso a un nuevo proceso de renderizaci\u00f3n con \"nodeIntegrationInSubFrames\" habilitado, lo que a su vez permite el acceso efectivo a \"ipcRenderer\". La opci\u00f3n \"nodeIntegrationInSubFrames\" no concede impl\u00edcitamente el acceso a Node.js. M\u00e1s bien, depende de la configuraci\u00f3n del sandbox existente. Si una aplicaci\u00f3n est\u00e1 en sandbox, entonces \"nodeIntegrationInSubFrames\" s\u00f3lo da acceso a las APIs del renderizador en sandbox, que incluyen \"ipcRenderer\". Si la aplicaci\u00f3n expone adicionalmente mensajes IPC sin la comprobaci\u00f3n de IPC \"senderFrame\" que llevan a cabo acciones privilegiadas o devuelven datos confidenciales este acceso a \"ipcRenderer\" puede a su vez comprometer su aplicaci\u00f3n / usuario incluso con el sandbox habilitado. Electron versiones 18.0.0-beta.6, 17.2.0, 16.2.6 y 15.5.5 contienen una correcci\u00f3n para este problema. Como soluci\u00f3n, aseg\u00farese de que todos los manejadores de mensajes IPC comprueban apropiadamente \"senderFrame\""}], "id": "CVE-2022-29247", "lastModified": "2024-11-21T06:58:48.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-13T21:15:07.763", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object