How severe is CVE-2022-36077?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2022-36077?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2022-36077

MEDIUM Year: 2022

CVSS v3 Score

6.1

Medium

Weakness Type

CWE-200

View all →

Vulnerability Description

The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, Electron is vulnerable to Exposure of Sensitive Information. When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file is not available to the renderer following the redirect, but if the redirect target is a SMB URL such as `file://some.website.com/`, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.This issue has been patched in versions: 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7. Users are recommended to upgrade to the latest stable version of Electron. If upgrading isn't possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the `WebContents.on('will-redirect')` event, for all WebContents as a workaround.

CVE-2016-10702

MEDIUM

CVSS:6.1(Medium)

Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by mod...

CWE-2002016

CVE-2018-1059

MEDIUM

CVSS:6.1(Medium)

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translati...

CWE-2002018

CVE-2018-16658

MEDIUM

CVSS:6.1(Medium)

An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cas...

CWE-2002018

CVE-2018-20681

MEDIUM

CVSS:6.1(Medium)

mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to view screen content and possibly control applications. By unplugging and re-plugging or power-cyclin...

CWE-2002018

CVE-2018-8714

MEDIUM

CVSS:6.1(Medium)

Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users to transfer arbitrary files from a host computer and consequently obtain sensitive information via vectors related to MSXML libra...

CWE-2002018

CVE-2019-9541

MEDIUM

CVSS:6.1(Medium)

: Information Exposure vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Au...

CWE-2002019

CVE-2022-36077

Vulnerability Description

Related Vulnerabilities

CVE-2016-10702

CVE-2018-1059

CVE-2018-16658

CVE-2018-20681

CVE-2018-8714

CVE-2019-9541