Overview
- Description
- electron-updater allows for automatic updates for Electron apps. The file `packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts` implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by `cmd.exe` expands any environment variable found in command-line above. This creates a situation where `verifySignature()` can be tricked into validating the certificate of a different file than the one that was just downloaded. If the step is successful, the malicious update will be executed even if its signature is invalid. This attack assumes a compromised update manifest (server compromise, Man-in-the-Middle attack if fetched over HTTP, Cross-Site Scripting to point the application to a malicious updater server, etc.). The patch is available starting from 6.3.0-alpha.6.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 5.9
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electron:electron-builder:*:*:*:*:*:node.js:*:*",
"vulnerable": true,
"matchCriteriaId": "F77447F6-4E3F-468E-BBBB-AB248C06CF1B",
"versionEndExcluding": "6.3.0"
},
{
"criteria": "cpe:2.3:a:electron:electron-builder:6.3.0:alpha0:*:*:*:node.js:*:*",
"vulnerable": true,
"matchCriteriaId": "801B3F79-555D-4FCB-B854-227E8D3FDD9E"
},
{
"criteria": "cpe:2.3:a:electron:electron-builder:6.3.0:alpha1:*:*:*:node.js:*:*",
"vulnerable": true,
"matchCriteriaId": "3B939D2F-400E-478C-8F45-568D5B7C5756"
},
{
"criteria": "cpe:2.3:a:electron:electron-builder:6.3.0:alpha2:*:*:*:node.js:*:*",
"vulnerable": true,
"matchCriteriaId": "4ECAF72F-A2E1-4D12-9797-CA1461931579"
},
{
"criteria": "cpe:2.3:a:electron:electron-builder:6.3.0:alpha3:*:*:*:node.js:*:*",
"vulnerable": true,
"matchCriteriaId": "E03022BB-203E-4750-BCD1-493971C95559"
},
{
"criteria": "cpe:2.3:a:electron:electron-builder:6.3.0:alpha4:*:*:*:node.js:*:*",
"vulnerable": true,
"matchCriteriaId": "587F242D-22D2-4BE6-BCF0-87C2865546E0"
},
{
"criteria": "cpe:2.3:a:electron:electron-builder:6.3.0:alpha5:*:*:*:node.js:*:*",
"vulnerable": true,
"matchCriteriaId": "116D170A-CD87-484A-864E-5CA0D198C947"
}
],
"operator": "OR"
}
]
}
]