CVE-2022-21718

EPSS 0.91%
Veröffentlicht 22.03.2022 17:15:07
Zuletzt bearbeitet 21.11.2024 06:45:17
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Renderers can obtain access to random bluetooth device without permission in Electron

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 6

NVD 9 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Electronjs ≫ Electron Version < 13.6.6

Electronjs ≫ Electron Version >= 14.0.0 < 14.2.4

Electronjs ≫ Electron Version >= 15.0.0 < 15.3.5

Electronjs ≫ Electron Version >= 16.0.0 < 16.0.6

Electronjs ≫ Electron Version17.0.0 Updatealpha1

Electronjs ≫ Electron Version17.0.0 Updatealpha2

Electronjs ≫ Electron Version17.0.0 Updatealpha3

Electronjs ≫ Electron Version17.0.0 Updatealpha4

Electronjs ≫ Electron Version17.0.0 Updatealpha5

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.91%	0.552

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	3.1	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
security-advisories@github.com	3.4	1.7	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N