CVE-2020-15174

Unpreventable top-level navigation in Electron

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the `will-navigate` event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. The issue is patched in versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 As a workaround sandbox all your iframes using the sandbox attribute. This will prevent them creating top-frame navigations and is good practice anyway.

En Electron anteriores a las versiones 11.0.0-beta.1, 10.0.1, 9.3.0 o 8.5.1, el evento "will-navigate" que usa las aplicaciones para evitar la navegación a destinos inesperados según nuestras recomendaciones de seguridad se puede omitir cuando una sub-frame realiza una navegación top-frame a través de los sitios. El problema está parcheado en las versiones 11.0.0-beta.1, 10.0.1, 9.3.0 o 8.5.1. Como una solución temporal, todos sus iframes utilizan el atributo sandbox. Esto impedirá que creen navegaciones top-frame y es una buena práctica de todos modos

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

High

Availability

Low

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-06-25 CVE Reserved
2020-10-06 CVE Published
2024-02-24 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation
CWE-693: Protection Mechanism Failure

CAPEC

References (2)

URL	Tag	Source
https://github.com/electron/electron/security/advisories/GHSA-2q4g-w47c-4674	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59b	2021-11-18

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Electronjs Search vendor "Electronjs"		Electron Search vendor "Electronjs" for product "Electron"				>= 8.0.0 < 8.5.1 Search vendor "Electronjs" for product "Electron" and version " >= 8.0.0 < 8.5.1"		-		Affected
Electronjs Search vendor "Electronjs"		Electron Search vendor "Electronjs" for product "Electron"				>= 9.0.0 < 9.3.0 Search vendor "Electronjs" for product "Electron" and version " >= 9.0.0 < 9.3.0"		-		Affected
Electronjs Search vendor "Electronjs"		Electron Search vendor "Electronjs" for product "Electron"				>= 10.0.0 < 10.0.1 Search vendor "Electronjs" for product "Electron" and version " >= 10.0.0 < 10.0.1"		-		Affected