6.8

CVE-2020-15215

Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ElectronjsElectron Version8.0.0 Update-
ElectronjsElectron Version8.0.0 Updatebeta0
ElectronjsElectron Version8.0.0 Updatebeta1
ElectronjsElectron Version8.0.0 Updatebeta2
ElectronjsElectron Version8.0.0 Updatebeta3
ElectronjsElectron Version8.0.0 Updatebeta4
ElectronjsElectron Version8.0.0 Updatebeta5
ElectronjsElectron Version8.0.0 Updatebeta6
ElectronjsElectron Version8.0.0 Updatebeta7
ElectronjsElectron Version8.0.0 Updatebeta8
ElectronjsElectron Version8.0.0 Updatebeta9
ElectronjsElectron Version8.0.1 Update-
ElectronjsElectron Version8.0.2 Update-
ElectronjsElectron Version8.0.3 Update-
ElectronjsElectron Version8.1.0 Update-
ElectronjsElectron Version8.1.1 Update-
ElectronjsElectron Version8.2.0 Update-
ElectronjsElectron Version8.2.1 Update-
ElectronjsElectron Version8.2.2 Update-
ElectronjsElectron Version8.2.3 Update-
ElectronjsElectron Version8.2.4 Update-
ElectronjsElectron Version8.2.5 Update-
ElectronjsElectron Version8.3.0 Update-
ElectronjsElectron Version8.3.1 Update-
ElectronjsElectron Version8.3.2 Update-
ElectronjsElectron Version8.3.3 Update-
ElectronjsElectron Version8.3.4 Update-
ElectronjsElectron Version8.4.0 Update-
ElectronjsElectron Version8.4.1 Update-
ElectronjsElectron Version8.5.0 Update-
ElectronjsElectron Version8.5.1 Update-
ElectronjsElectron Version9.0.0 Update-
ElectronjsElectron Version9.0.0 Updatebeta0
ElectronjsElectron Version9.0.0 Updatebeta1
ElectronjsElectron Version9.0.0 Updatebeta10
ElectronjsElectron Version9.0.0 Updatebeta11
ElectronjsElectron Version9.0.0 Updatebeta12
ElectronjsElectron Version9.0.0 Updatebeta13
ElectronjsElectron Version9.0.0 Updatebeta14
ElectronjsElectron Version9.0.0 Updatebeta15
ElectronjsElectron Version9.0.0 Updatebeta16
ElectronjsElectron Version9.0.0 Updatebeta17
ElectronjsElectron Version9.0.0 Updatebeta18
ElectronjsElectron Version9.0.0 Updatebeta19
ElectronjsElectron Version9.0.0 Updatebeta2
ElectronjsElectron Version9.0.0 Updatebeta20
ElectronjsElectron Version9.0.0 Updatebeta3
ElectronjsElectron Version9.0.0 Updatebeta4
ElectronjsElectron Version9.0.0 Updatebeta5
ElectronjsElectron Version9.0.0 Updatebeta6
ElectronjsElectron Version9.0.0 Updatebeta7
ElectronjsElectron Version9.0.0 Updatebeta8
ElectronjsElectron Version9.0.0 Updatebeta9
ElectronjsElectron Version9.0.1 Update-
ElectronjsElectron Version9.0.2 Update-
ElectronjsElectron Version9.0.3 Update-
ElectronjsElectron Version9.0.4 Update-
ElectronjsElectron Version9.0.5 Update-
ElectronjsElectron Version9.0.6 Update-
ElectronjsElectron Version9.1.0 Update-
ElectronjsElectron Version9.1.1 Update-
ElectronjsElectron Version9.1.2 Update-
ElectronjsElectron Version9.2.0 Update-
ElectronjsElectron Version9.2.1 Update-
ElectronjsElectron Version9.3.0 Update-
ElectronjsElectron Version10.0.0 Update-
ElectronjsElectron Version10.0.0 Updatebeta1
ElectronjsElectron Version10.0.0 Updatebeta10
ElectronjsElectron Version10.0.0 Updatebeta11
ElectronjsElectron Version10.0.0 Updatebeta12
ElectronjsElectron Version10.0.0 Updatebeta13
ElectronjsElectron Version10.0.0 Updatebeta14
ElectronjsElectron Version10.0.0 Updatebeta15
ElectronjsElectron Version10.0.0 Updatebeta16
ElectronjsElectron Version10.0.0 Updatebeta17
ElectronjsElectron Version10.0.0 Updatebeta18
ElectronjsElectron Version10.0.0 Updatebeta19
ElectronjsElectron Version10.0.0 Updatebeta2
ElectronjsElectron Version10.0.0 Updatebeta20
ElectronjsElectron Version10.0.0 Updatebeta21
ElectronjsElectron Version10.0.0 Updatebeta22
ElectronjsElectron Version10.0.0 Updatebeta23
ElectronjsElectron Version10.0.0 Updatebeta24
ElectronjsElectron Version10.0.0 Updatebeta25
ElectronjsElectron Version10.0.0 Updatebeta3
ElectronjsElectron Version10.0.0 Updatebeta4
ElectronjsElectron Version10.0.0 Updatebeta5
ElectronjsElectron Version10.0.0 Updatebeta6
ElectronjsElectron Version10.0.0 Updatebeta7
ElectronjsElectron Version10.0.0 Updatebeta8
ElectronjsElectron Version10.0.0 Updatebeta9
ElectronjsElectron Version10.0.1 Update-
ElectronjsElectron Version10.1.0 Update-
ElectronjsElectron Version10.1.1 Update-
ElectronjsElectron Version11.0.0 Updatebeta0
ElectronjsElectron Version11.0.0 Updatebeta1
ElectronjsElectron Version11.0.0 Updatebeta2
ElectronjsElectron Version11.0.0 Updatebeta3
ElectronjsElectron Version11.0.0 Updatebeta4
ElectronjsElectron Version11.0.0 Updatebeta5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.486
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.6 2.2 3.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
security-advisories@github.com 5.6 2.2 3.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.