CVE-2020-15174 - OpenCVE

In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the `will-navigate` event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. The issue is patched in versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 As a workaround sandbox all your iframes using the sandbox attribute. This will prevent them creating top-frame navigations and is good practice anyway.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Electronjs	Electron

Configuration 1 [-]

OR	cpe:2.3:a:electronjs:electron::::::::
	cpe:2.3:a:electronjs:electron::::::::
	cpe:2.3:a:electronjs:electron::::::::

No data.

References

Link	Providers
https://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59b
https://github.com/electron/electron/security/advisories/GHSA-2q4g-w47c-4674

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-10-06T17:35:13

Updated: 2024-08-04T13:08:22.398Z

Reserved: 2020-06-25T00:00:00

Link: CVE-2020-15174

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-10-06T18:15:14.283

Modified: 2021-11-18T16:55:32.517

Link: CVE-2020-15174

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "electron", "vendor": "electron", "versions": [{"status": "affected", "version": ">= 8.0.0-beta.0, < 8.5.1"}, {"status": "affected", "version": ">= 9.0.0-beta.0, < 9.3.0"}, {"status": "affected", "version": ">= 10.0.0-beta.0, < 10.0.1"}]}], "descriptions": [{"lang": "en", "value": "In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the `will-navigate` event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. The issue is patched in versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 As a workaround sandbox all your iframes using the sandbox attribute. This will prevent them creating top-frame navigations and is good practice anyway."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-693", "description": "CWE-693 Protection Mechanism Failure", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-10-06T17:35:13", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/electron/electron/security/advisories/GHSA-2q4g-w47c-4674"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59b"}], "source": {"advisory": "GHSA-2q4g-w47c-4674", "discovery": "UNKNOWN"}, "title": "Unpreventable top-level navigation in Electron", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-15174", "STATE": "PUBLIC", "TITLE": "Unpreventable top-level navigation in Electron"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "electron", "version": {"version_data": [{"version_value": ">= 8.0.0-beta.0, < 8.5.1"}, {"version_value": ">= 9.0.0-beta.0, < 9.3.0"}, {"version_value": ">= 10.0.0-beta.0, < 10.0.1"}]}}]}, "vendor_name": "electron"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the `will-navigate` event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. The issue is patched in versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 As a workaround sandbox all your iframes using the sandbox attribute. This will prevent them creating top-frame navigations and is good practice anyway."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-693 Protection Mechanism Failure"}]}, {"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://github.com/electron/electron/security/advisories/GHSA-2q4g-w47c-4674", "refsource": "CONFIRM", "url": "https://github.com/electron/electron/security/advisories/GHSA-2q4g-w47c-4674"}, {"name": "https://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59b", "refsource": "MISC", "url": "https://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59b"}]}, "source": {"advisory": "GHSA-2q4g-w47c-4674", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:08:22.398Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/electron/electron/security/advisories/GHSA-2q4g-w47c-4674"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59b"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-15174", "datePublished": "2020-10-06T17:35:13", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2024-08-04T13:08:22.398Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DC7932C-69B7-49B9-820F-3B94EC01F885", "versionEndExcluding": "8.5.1", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*", "matchCriteriaId": "31009479-D311-46F3-80FB-66D67884BADC", "versionEndExcluding": "9.3.0", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*", "matchCriteriaId": "999A166F-06ED-42E8-BA49-61F4120C6893", "versionEndExcluding": "10.0.1", "versionStartIncluding": "10.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the `will-navigate` event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. The issue is patched in versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 As a workaround sandbox all your iframes using the sandbox attribute. This will prevent them creating top-frame navigations and is good practice anyway."}, {"lang": "es", "value": "En Electron anteriores a las versiones 11.0.0-beta.1, 10.0.1, 9.3.0 o 8.5.1, el evento \"will-navigate\" que usa las aplicaciones para evitar la navegaci\u00f3n a destinos inesperados seg\u00fan nuestras recomendaciones de seguridad se puede omitir cuando una sub-frame realiza una navegaci\u00f3n top-frame a trav\u00e9s de los sitios. El problema est\u00e1 parcheado en las versiones 11.0.0-beta.1, 10.0.1, 9.3.0 o 8.5.1. Como una soluci\u00f3n temporal, todos sus iframes utilizan el atributo sandbox. Esto impedir\u00e1 que creen navegaciones top-frame y es una buena pr\u00e1ctica de todos modos"}], "id": "CVE-2020-15174", "lastModified": "2021-11-18T16:55:32.517", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2020-10-06T18:15:14.283", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59b"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/electron/electron/security/advisories/GHSA-2q4g-w47c-4674"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-693"}], "source": "security-advisories@github.com", "type": "Secondary"}]}