CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Products
electron-updater
- 6.3.0-alpha.6 and later
Source
security-advisories@github.com
Tags
CVE-2024-39698 details
Last Modified : July 9, 2024, 6:18 p.m.
Description
electron-updater allows for automatic updates for Electron apps. The file `packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts` implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by `cmd.exe` expands any environment variable found in command-line above. This creates a situation where `verifySignature()` can be tricked into validating the certificate of a different file than the one that was just downloaded. If the step is successful, the malicious update will be executed even if its signature is invalid. This attack assumes a compromised update manifest (server compromise, Man-in-the-Middle attack if fetched over HTTP, Cross-Site Scripting to point the application to a malicious updater server, etc.). The patch is available starting from 6.3.0-alpha.6.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7.5 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-154 | Improper Neutralization of Variable Name Delimiters | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as variable name delimiters when they are sent to a downstream component. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
7.5
Exploitability Score
1.6
Impact Score
5.9
Base Severity
HIGH
Vector String : CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
References
URL | Source |
---|---|
https://github.com/electron-userland/electron-builder/blob/140e2f0eb0df79c2a46e35024e96d0563355fc89/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts#L35-L41 | security-advisories@github.com |
https://github.com/electron-userland/electron-builder/commit/ac2e6a25aa491c1ef5167a552c19fc2085cd427f | security-advisories@github.com |
https://github.com/electron-userland/electron-builder/pull/8295 | security-advisories@github.com |
https://github.com/electron-userland/electron-builder/security/advisories/GHSA-9jxc-qjr9-vjxq | security-advisories@github.com |