CVE-2022-36077
Electron subject to Exfiltration of hashed SMB credentials on Windows via file:// redirect
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, Electron is vulnerable to Exposure of Sensitive Information. When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file is not available to the renderer following the redirect, but if the redirect target is a SMB URL such as `file://some.website.com/`, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.This issue has been patched in versions: 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7. Users are recommended to upgrade to the latest stable version of Electron. If upgrading isn't possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the `WebContents.on('will-redirect')` event, for all WebContents as a workaround.
El framework Electron permite escribir aplicaciones de escritorio multiplataforma utilizando JavaScript, HTML y CSS. En versiones anteriores a 21.0.0-beta.1, 20.0.1, 19.0.11 y 18.3.7, Electron es vulnerable a la exposición de información confidencial. Al seguir una redirección, Electron retrasa la verificación de la redirección a file:// URL desde otros esquemas. El contenido del archivo no está disponible para el renderizador después de la redirección, pero si el destino de la redirección es una URL SMB como `file://some.website.com/`, en algunos casos, Windows se conectará a ese servidor e intente la autenticación NTLM, que puede incluir el envío de credenciales hash. Este problema se solucionó en las versiones: 21.0.0-beta.1, 20.0.1, 19.0.11 y 18.3.7. Se recomienda a los usuarios actualizar a la última versión estable de Electron. Si no es posible realizar la actualización, este problema se puede solucionar sin realizar la actualización evitando las redirecciones a las URL file:// en el evento `WebContents.on('will-redirect')`, para todos los WebContents como workaround alternativo.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-07-15 CVE Reserved
- 2022-11-08 CVE Published
- 2024-05-31 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-522: Insufficiently Protected Credentials
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v | Mitigation |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | < 18.3.7 Search vendor "Electronjs" for product "Electron" and version " < 18.3.7" | node.js |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | >= 19.0.0 < 19.0.11 Search vendor "Electronjs" for product "Electron" and version " >= 19.0.0 < 19.0.11" | node.js |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | >= 20.0.0 < 20.0.1 Search vendor "Electronjs" for product "Electron" and version " >= 20.0.0 < 20.0.1" | node.js |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 21.0.0 Search vendor "Electronjs" for product "Electron" and version "21.0.0" | node.js |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 21.0.0 Search vendor "Electronjs" for product "Electron" and version "21.0.0" | alpha1, node.js |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 21.0.0 Search vendor "Electronjs" for product "Electron" and version "21.0.0" | alpha2, node.js |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 21.0.0 Search vendor "Electronjs" for product "Electron" and version "21.0.0" | alpha3, node.js |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 21.0.0 Search vendor "Electronjs" for product "Electron" and version "21.0.0" | alpha4, node.js |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 21.0.0 Search vendor "Electronjs" for product "Electron" and version "21.0.0" | alpha5, node.js |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Electronjs Search vendor "Electronjs" | Electron Search vendor "Electronjs" for product "Electron" | 21.0.0 Search vendor "Electronjs" for product "Electron" and version "21.0.0" | alpha6, node.js |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|