CVE-2022-29247
Exposure of Resource to Wrong Sphere in Electron
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`. The `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access. Rather, it depends on the existing sandbox setting. If an application is sandboxed, then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs, which include `ipcRenderer`. If the application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. As a workaround, ensure that all IPC message handlers appropriately validate `senderFrame`.
Electron es un marco de trabajo para escribir aplicaciones de escritorio multiplataforma utilizando JavaScript (JS), HTML y CSS. Una vulnerabilidad en las versiones anteriores a 18.0.0-beta.6, 17.2.0, 16.2.6 y 15.5.5 permite que un renderizador con ejecución de JS obtenga acceso a un nuevo proceso de renderización con "nodeIntegrationInSubFrames" habilitado, lo que a su vez permite el acceso efectivo a "ipcRenderer". La opción "nodeIntegrationInSubFrames" no concede implícitamente el acceso a Node.js. Más bien, depende de la configuración del sandbox existente. Si una aplicación está en sandbox, entonces "nodeIntegrationInSubFrames" sólo da acceso a las APIs del renderizador en sandbox, que incluyen "ipcRenderer". Si la aplicación expone adicionalmente mensajes IPC sin la comprobación de IPC "senderFrame" que llevan a cabo acciones privilegiadas o devuelven datos confidenciales este acceso a "ipcRenderer" puede a su vez comprometer su aplicación / usuario incluso con el sandbox habilitado. Electron versiones 18.0.0-beta.6, 17.2.0, 16.2.6 y 15.5.5 contienen una corrección para este problema. Como solución, asegúrese de que todos los manejadores de mensajes IPC comprueban apropiadamente "senderFrame"
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-04-13 CVE Reserved
- 2022-06-13 CVE Published
- 2024-01-04 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-668: Exposure of Resource to Wrong Sphere
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | < 15.5.5 Search vendor "Electronjs" for product "Electron" and version " < 15.5.5" | - |
Affected
| ||||||
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | >= 16.0.1 < 16.2.6 Search vendor "Electronjs" for product "Electron" and version " >= 16.0.1 < 16.2.6" | - |
Affected
| ||||||
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | >= 17.0.1 < 17.2.0 Search vendor "Electronjs" for product "Electron" and version " >= 17.0.1 < 17.2.0" | - |
Affected
| ||||||
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 16.0.0 Search vendor "Electronjs" for product "Electron" and version "16.0.0" | beta1 |
Affected
| ||||||
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 16.0.0 Search vendor "Electronjs" for product "Electron" and version "16.0.0" | beta2 |
Affected
| ||||||
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 16.0.0 Search vendor "Electronjs" for product "Electron" and version "16.0.0" | beta3 |
Affected
| ||||||
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 16.0.0 Search vendor "Electronjs" for product "Electron" and version "16.0.0" | beta4 |
Affected
| ||||||
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 16.0.0 Search vendor "Electronjs" for product "Electron" and version "16.0.0" | beta5 |
Affected
| ||||||
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 16.0.0 Search vendor "Electronjs" for product "Electron" and version "16.0.0" | beta6 |
Affected
| ||||||
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 16.0.0 Search vendor "Electronjs" for product "Electron" and version "16.0.0" | beta7 |
Affected
| ||||||
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 16.0.0 Search vendor "Electronjs" for product "Electron" and version "16.0.0" | beta8 |
Affected
| ||||||
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 16.0.0 Search vendor "Electronjs" for product "Electron" and version "16.0.0" | beta9 |
Affected
| ||||||
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 17.0.0 Search vendor "Electronjs" for product "Electron" and version "17.0.0" | beta1 |
Affected
| ||||||
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 17.0.0 Search vendor "Electronjs" for product "Electron" and version "17.0.0" | beta2 |
Affected
| ||||||
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 17.0.0 Search vendor "Electronjs" for product "Electron" and version "17.0.0" | beta3 |
Affected
| ||||||
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 17.0.0 Search vendor "Electronjs" for product "Electron" and version "17.0.0" | beta4 |
Affected
| ||||||
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 17.0.0 Search vendor "Electronjs" for product "Electron" and version "17.0.0" | beta5 |
Affected
| ||||||
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 17.0.0 Search vendor "Electronjs" for product "Electron" and version "17.0.0" | beta6 |
Affected
| ||||||
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 17.0.0 Search vendor "Electronjs" for product "Electron" and version "17.0.0" | beta7 |
Affected
| ||||||
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 17.0.0 Search vendor "Electronjs" for product "Electron" and version "17.0.0" | beta8 |
Affected
| ||||||
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 17.0.0 Search vendor "Electronjs" for product "Electron" and version "17.0.0" | beta9 |
Affected
| ||||||
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 18.0.0 Search vendor "Electronjs" for product "Electron" and version "18.0.0" | beta1 |
Affected
| ||||||
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 18.0.0 Search vendor "Electronjs" for product "Electron" and version "18.0.0" | beta2 |
Affected
| ||||||
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 18.0.0 Search vendor "Electronjs" for product "Electron" and version "18.0.0" | beta3 |
Affected
| ||||||
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 18.0.0 Search vendor "Electronjs" for product "Electron" and version "18.0.0" | beta4 |
Affected
| ||||||
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 18.0.0 Search vendor "Electronjs" for product "Electron" and version "18.0.0" | beta5 |
Affected
| ||||||