PT-2023-28296 · Unknown+1 · Webcatalog+1

Itssixtyn3In

Published: 2023-09-27 · Updated: 2024-02-02

CVE-2023-42222

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
WebCatalog versions prior to 49.0

Description
In some circumstances, WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource. This leads to incorrect access control.

Recommendations
For versions prior to 49.0, update to version 49.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Electron shell.openExternal function until a patch is available.
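
The missing check described above, sketched as an added example (not WebCatalog's code or its actual fix): a scheme allow-list placed in front of shell.openExternal. The helper names normalizeExternalUrl and openExternalSafely are hypothetical, and the shell object is passed in as a parameter so the snippet also runs outside Electron.

```javascript
// Added example: allow-list check in front of Electron's shell.openExternal.
// normalizeExternalUrl and openExternalSafely are hypothetical helper names.

const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Returns the normalized URL string for an absolute http(s) URL, else null.
function normalizeExternalUrl(raw) {
  if (typeof raw !== 'string') return null;
  let parsed;
  try {
    // WHATWG URL parser: throws on relative or malformed input.
    parsed = new URL(raw);
  } catch {
    return null;
  }
  // parsed.protocol is lower-cased and includes the trailing colon,
  // so 'HTTPS://...' and 'https://...' compare equal here.
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) return null;
  return parsed.href;
}

// shell is injected; in an Electron main process it would be
// require('electron').shell. Resolves to true if the URL was handed
// to the OS, false if it was refused.
async function openExternalSafely(shell, raw) {
  const url = normalizeExternalUrl(raw);
  if (url === null) {
    // Refused: the value never reaches the OS protocol handler.
    return false;
  }
  await shell.openExternal(url);
  return true;
}

// Constructed sample inputs (not taken from the advisory).
const SAMPLES = [
  'https://example.com/docs',
  'HTTPS://EXAMPLE.COM/a',
  'file:///tmp/sample.txt',
  'customscheme://payload',
  'example.com',
];

function classifySamples() {
  return SAMPLES.map((s) => [s, normalizeExternalUrl(s)]);
}
```

Passing the parsed href, rather than the raw string, means the value that was checked is the value that is opened.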


Related identifiers

CVE-2023-42222

Affected products

Electron
Webcatalog