CVE-2022-21718
Published Mar 22, 2022
Last updated a year ago
Overview
- Description
- Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5
- Impact score
- 1.4
- Exploitability score
- 3.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4548B4FE-05C7-4B38-9BD9-F687DBFC0393",
"versionEndExcluding": "13.6.6"
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A99CE214-CE9E-4241-B883-7201A737D111",
"versionEndExcluding": "14.2.4",
"versionStartIncluding": "14.0.0"
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "619E557E-1349-4591-B668-A50BF968C28A",
"versionEndExcluding": "15.3.5",
"versionStartIncluding": "15.0.0"
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C1B857C2-D1BD-4605-ABE1-497BDD5A4825",
"versionEndExcluding": "16.0.6",
"versionStartIncluding": "16.0.0"
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:alpha1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "75600E5E-B4CB-4924-9CFD-E2877FFCCB81"
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:alpha2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB42380B-2AE9-481E-BF57-1014E613D7AE"
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:alpha3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4F76DDDC-1924-45C6-AB59-BD7BEA604098"
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:alpha4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9C58C2CC-E9C0-4751-8254-41CFCDD24982"
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:alpha5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E72DDD37-90EF-4517-8AEF-C3B584269C62"
}
],
"operator": "OR"
}
]
}
]